After a ransomware attack paralyzed the navigation device manufacturer Garmin, the company apparently had to pay a ransom to regain control of its data.
Almost two weeks ago, the navigation device manufacturer was paralyzed on a large scale by a ransomware attack. Owners of Garmin products such as GPS devices and smartwatches could only use them to a limited extent at best, and even factory production temporarily came to a standstill.
Operations returned to normal at the beginning of last week, but, as “Sky News” now reports, probably only because a ransom was paid to the operators of the ransomware in order to regain access to the encrypted data in the Garmin systems.
Suspected hackers under US sanctions
Security experts blame the ransomware “Wastedlocker” for the attack on Garmin. The vast majority of experts assume that the Russian hacker group “Evil Corp” is behind “Wastedlocker”. The senior executives of “Evil Corp” were subjected to US sanctions last year that prohibit any kind of business with them – including ransom payments. Those who do so are exposed to civil and criminal risks.
According to “Sky News”, Garmin did not interact directly with the hackers but through an intermediary, the security company Arete IR. Earlier, other security companies had turned Garmin down, citing legal risks. Arete IR, on the other hand, published a short security document on its website that was intended to show why Evil Corp was unlikely to be involved in the attack – and that any ransom payments were legally unproblematic.
According to “Bleeping Computer”, the attackers are said to have asked for ten million dollars. It is unclear what amount was actually paid. The fact is that Garmin received the necessary decryption information from the hackers.
Professional business negotiation
Chat logs from another case show how a ransom payment is handled in principle. That case involved the American travel service provider CWT. A company representative talked to the hackers and tried to negotiate the ransom amount. The exchange seems completely professional, as if the sale of a tractor were being negotiated.
Once the transaction is complete, there are even some free security tips from the ransomware operators so that the company does not experience such a costly event again. The company should introduce shift work in its IT security department so that countermeasures can be taken at any time.