While Garmin assures customers no personal information was stolen, many are left wondering whether the adventure tech giant paid hackers a reported $10 million ransom.
Wide speculation was confirmed yesterday after Garmin publicly acknowledged its multiday service outage was the result of a cyber attack.
“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,” Garmin posted to its site Monday.
“Additionally, the functionality of Garmin products was not affected, other than the ability to access online services. Affected systems are being restored and we expect to return to normal operation over the next few days.”
Despite Garmin’s reassurance, however, it’s unclear how the brand managed to restore service after hackers successfully encrypted many of its services worldwide. Tech site BleepingComputer reported that sources within Garmin said hackers were demanding Garmin pay $10 million to relinquish their hold.
When GearJunkie asked Garmin about the attack, the brand said it had no further comment beyond its public statement. Garmin has not confirmed the attack was ransomware. But numerous sources — including ZDNet and ArsTechnica — identified the attack as a strain of ransomware called WastedLocker.
What’s more, according to reports, that malware is attributed to the Russian hacking group Evil Corp, an outfit known to extract millions of dollars from its cyber-heists. In fact, Evil Corp has such a high-profile rap sheet, the United States has issued sanctions against the group and offered a $5 million reward leading to the capture of its leader.
If there’s a bright side, according to a report by the NCC Group — an online threat research group — Evil Corp appears to intentionally not steal users’ data, nor threaten to publish or use it. Up to now, the outfit has employed WastedLocker to seize control of services and hold them for ransom.
Garmin said its services and user data sync will be fully restored “over the next few days.” The brand also has a status page to update users on restored services, available here.
