It has been claimed that Garmin paid a third-party business 10 million United States dollars to get its networks back up and running following the latest cyber assault.
To refresh your memory, the company’s services were disrupted for around five days before they began to gradually recover. Initially, Garmin said that there was an “outage,” but the company subsequently revealed that it had been the target of a cyber assault. However, it did not provide a great deal of information.
Despite this, some members of the Garmin team took to social media during the downtime to announce that the company had been the victim of a ransomware assault. After that, reports appeared that provided further proof that this was, in fact, the case.
Bleeping Computer reported that the firm had been infected with the WastedLocker malware. It releases malicious executables into the victim's system, where they encrypt the files on the server, rendering them inaccessible. According to reports, Garmin was asked for $10 million in exchange for the code that would enable it to access the encrypted data and return everything to its previous state.
Is it possible that this was a ransomware attack?
The majority of the chaos caused by the event has been cleared up at this point. However, new information suggests that it was in fact a ransomware assault. In addition, it is possible that the corporation paid a multi-million-dollar ransom to obtain the passcode that would allow it to put the system back into working condition.
Although ten million US dollars may seem like a lot of money (and it is), the alternative of restoring the entire system and dealing with the repercussions may have been far more expensive and time-consuming. To put these numbers in perspective, Garmin’s sales for 2019 were $3.75 billion, and the company made $2.23 billion in profits!
Part of the problem is that recovery is not as easy as restoring the systems from a backup. It may have been impossible to identify how long the infection remained latent, which means that the backups may also have been corrupted. In addition, because the company's whole business was offline, Garmin would require an entirely separate production environment to which it could restore its backup.
Sky News has provided the public with some new information. The news outlet claims that Evil Corp., which is located in Russia, was the one responsible for releasing the malware. Because of its decade-long hacking effort, this particular cyber criminal organisation was blacklisted by the United States Treasury Department in December of last year. The imposition of sanctions makes it extremely difficult, if not impossible, for businesses domiciled in the United States to pay the ransom, even if they want to.
According to unnamed individuals who spoke to Sky News, Garmin was able to successfully negotiate the ransom and secure the decryption key by working via a third-party organisation known as Arete Incident Response. This company assists businesses in securing their networks and resolving assaults against those networks.
Who even realised that there was an entire business that worked on preventing situations like these and assisting organisations in navigating them?! However, ransomware assaults are not nearly as rare as you would believe.
According to a statement that was sent by Arete to Sky News, the company “follows all suggested and mandatory checks to guarantee conformity with US trade sanctions rules.” According to a statement that Garmin provided to Sky News, the company “had no other remark to make.”