The company received the keys to decrypt the files and now its products are working as usual.
Smartwatch and navigation equipment maker Garmin paid a multimillion-dollar ransom to reactivate its services. The payment was made through a third-party firm Arete IR, which deals with such situations. This was reported by Sky News, citing sources close to the situation.
Garmin confirmed that they were the victim of a virus attack on July 23, but did not disclose details. According to the publication, Garmin received the key to decrypt its files after paying the ransom. However, the company did not proceed with the payment directly due to fears of sanctions from the US authorities.
As reported by ZDNet sources, the Garmin was the victim of an attack WastedLocker virus that encrypts files on the internal network of companies and to paralyze the work of redemption. Its authors are believed to be members of the Russian group Evil Corp , on 17 members and seven legal entities of which the US authorities have imposed sanctions.
Under US law, in this case, American citizens and companies cannot transfer money to persons on the sanctions list. As suggested by Sky News, Garmin approached Arete IR for the ransom payment due to concerns about possible problems with the US authorities.
Arete IR insists that the WastedLocker virus is not affiliated with Evil Corp and is not a product of the group. Garmin and Arete IR did not deny or confirm that they paid the ransom.
Garmin services have been down for over a week. Because of this, many professional and amateur athletes were unable to sync data and access past training statistics.
As Meduza wrote in December 2019, the Evil Corp group is linked to the Russian FSB. According to the newspaper, the leader of the hackers Maxim Yakubets is married to the daughter of a high-ranking special forces officer and has access to state secrets.