Soon after Russian hacker group Evil Corp demanded a ransom of £7.8 million from Garmin after encrypting the company’s computer systems, the smartwatch maker has reportedly paid a multi-million-pound ransom to the hacker group to recover its data.
According to Sky News, Garmin engaged a ransomware negotiation business called Arete IR to negotiate the quantum of ransom with the hacker group before deciding to pay up. The company had reportedly received the decryption key last week to recover its encrypted files that were affected by the ransomware attack.
According to Garmin, the ransomware attack affected many of its online services such as website functions, customer support, customer-facing applications, and company communications. However, the company assured its customers that it had no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.
“Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed,” the company said.
“We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide exceptional customer service and support that has been our hallmark and tradition.”
Sky News learned from several sources that since engaging with individuals who are sanctioned by the U.S. government is prohibited, Garmin could not directly pay a ransom to Evil Corp as seventeen individuals and seven businesses tied to Evil Corp are sanctioned by the U.S. Treasury.
Therefore, Garmin chose to engage Arete IR which claims there is no conclusive proof that may link WastedLocker ransomware with Evil Corp. Arete IR then paid the hacker group as part of its ransomware negotiation services.
If the reports are correct, this indicates yet another resounding victory for hacker groups that use powerful ransomware variants to target cash-rich multinational organisations, encrypt their files and systems, and force them to pay out millions in cash.
Earlier today, Reuters reported that U.S. travel management firm CWT paid as much as $4.5 million (£3.45 million) to a hacker group that used the feared Ragnar Locker ransomware to encrypt the company’s files and computer systems.
In January, foreign currency exchange service Travelex also paid $2.3 million in ransom to REvil ransomware gang after the hacker group used the Sodinokibi ransomware to successfully encrypt Travelex’s entire network, delete backup files and exfiltrate more than 5GB of personal data. They initially demanded $6 million (£4.6m) to return the encrypted files but according to The Wall Street Journal, they finally settled for $2.3 million paid in Bitcoin.