You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Did Garmin Pay Evil Corp?

Yes, Evil Corp. The hacker group crippled Garmin's systems and happily accepted the company's ransom money.

After a recent Ransomware attack at the smartwatch maker, runners and cyclists around the world lost access their exercise data.

And more frighteningly, pilots couldn't update their navigation equipment.

All this after WastedLocker Ransomware crippled Garmin's global network.

The malicious software encrypted the files on Garmin's corporate network and demanded a ransom be paid in order for the files to be decrypted, essentially shuttering the firm's entire business.

Security researchers attribute WastedLocker to Evil Corp, a well-known and wildly successful Russian hacking group. Yes, they go by the name Evil Corp! The members of Evil Corp (aka Dridex gang) were also the subject of a DOJ indictment and sanctions last year.

The sanctions mean that "US persons are generally prohibited from engaging in transactions" with the cyber criminals.

After the charges, Evil Corp stayed quiet. For about a month. And clearly they're back at it! After all, they have some expensive lifestyles to fund.

These cybercriminals run vast enterprises, even building cartels. They're wildly profitable.

Reports suggest Garmin contributed to these ill-gotten riches, paying the attackers to gain the decryption key. If so, paying these criminals, even through a third party, could run afoul of US sanctions.

Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.

These attacks cripple businesses and fund all forms of illicit actors.

It's time to stop these cybercriminals.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

To get a quote, set up a call with our (non-pushy) team here!

Original articles here, here and here.
[https://news.sky.com/story/garmin-obtains-decryption-key-after-ransomware-attack-12036761]
[https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/]
[https://www.zdnet.com/article/new-wastedlocker-ransomware-demands-payments-of-millions-of-usd/]

Joel Cahill

Cyber security enthusiast. Entrepreneur.