- Garmin allegedly paid a ransom through an intermediary, Arete IR, to recover from a cyberattack.
- The move theoretically helped Garmin recover without violating sanctions.
- The payment is thought to be a sum of “several millions”.
Garmin may have recovered from a multi-day ransomware attack simply by paying the ransom – albeit through indirect means.
Sky News Sources claim that the maker of fitness watches paid attackers “several million dollars” through Arete IR to restore Garmin Connect and other vital features eliminated by the WastedLocker malware.
The company reportedly attempted to pay the ransom through an anonymous specialist in such incidents. This company turned down Garmin because of the risk of a violation of US sanctions against Evil Corp, the Russian cybercrime group allegedly linked to the attack. Garmin turned to Arete IR, who cast doubt on the connection between WastedLocker and the sanctioned attackers.
Garmin has not commented on the latest claims. A spokesperson for Arete said the company “could not discuss” customers due to confidentiality agreements, but was honoring “all recommended and required screenings” to honor US sanctions.
If that’s true, it wouldn’t be shocking. Ransomware is not easily overcome while avoiding ransom, and it has affected the very core of Garmin’s business. He couldn’t afford to spend long trying to get his data back when users were skipping important features. The money Garmin would pay with a ransom would be insignificant compared to lost sales and a bitter reputation.
At the same time, a payment would not be ideal for the security of the technology industry. Cybercriminals can feel more empowered knowing that a large company like Garmin feels obligated to pay. Scammers might not rush to target other tech giants, but they could use ransomware against outfits that might otherwise have been unharmed.
Source: Android Authority