Report: Garmin Secured Decryption Key, Ransom Paid to Hackers


More than a week after Garmin was crippled by a ransomware attack, the company’s services continue to return to normal. Activities are reportedly syncing again, the company’s store and customer support are open for business, and Garmin’s factories are starting to hum again.

But lingering questions remain from Garmin’s ordeal.

Last week, CyclingTips took a look at how the Garmin cyberattack happened and what it means for users, with industry specialist Oren T. Dvoskin, from Israeli computer security firm SASA Software, providing an overview of the circumstances that led to Garmin’s downfall and the ripples that continue to spread.

But maybe the central issue that remains isn’t how it happened, but how Garmin got it to stop.

Reports following the ransomware attack revealed that Garmin had been affected by the WastedLocker strain of ransomware, a tool by Russian criminal hacking gang Evil Corp. Ransomware, where malicious hackers encrypt a company’s data and hold it hostage until a ransom has been paid – usually in cryptocurrency – is on the rise, and Garmin is one of the most prominent companies to fall prey to it. In this case, the price for unlocking the encrypted data was US$10 million.

Evil Corp has been sanctioned by the US Treasury, which means it would have been illegal for Garmin to pay the ransom – directly or indirectly. However, Sky News reported midweek that Garmin had “obtained the decryption key” to recover its files, suggesting Garmin had coughed up.

New reports from BleepingComputer have now confirmed this to be the case. The site obtained an executable file created by Garmin’s IT department, and from there was able to demonstrate that Garmin paid the ransom on July 24 or 25 – a few days after the attack.

BleepingComputer was also able to discover references in the file to ransomware negotiation firm Coveware and cybersecurity firm Emsisoft, indicating that Coveware may have negotiated a deal with Evil Corp and that Emsisoft may have helped Garmin to streamline decryption. Neither company made a specific comment, although it seems plausible that Coveware – acting on behalf of Garmin – negotiated and paid Evil Corp and then billed Garmin for the services rendered.

US travel management firm CWT was the victim of a similar attack last week, one that used the Ragnar Locker ransomware rather than WastedLocker. In this case, Reuters reports that the hackers offered a generous discount for the timely payment of the ransom and were cordial and customer-service oriented throughout the process – CWT’s data was held hostage for the same amount of US$10 million, but the company ultimately negotiated payment of only US$4.5 million.

For the past week and a half, CyclingTips has been in contact with Garmin, but the company declined to comment on specific questions asking, on the one hand, whether Garmin paid the ransom to hackers, and on the other hand, whether this took place directly or through a third party.

At this point, there has been no announcement of fines imposed on Garmin by the US Treasury. Given that Garmin’s 2019 revenue was US$3.75 billion, perhaps any punishment that follows can be seen as a drop in the ocean and part of the company’s hard lesson in cybersecurity.

