Last week Garmin was tasked with restoring its systems after what it initially called an outage.
Due to the nature of the outage and its length, many believed there was something more nefarious at play and as the days wore on it was revealed that the outage was due to a cyberattack, more specifically, ransomware.
While Garmin didn’t state the strain of ransomware used, many believe it to be WastedLocker, the creation of Russian hacking group Evil Corp.
This puts Garmin in a sticky position especially if a report by Sky News that the firm paid Evil Corp a ransom, holds water.
That report alleges that while Garmin didn’t make a payment directly, it did employee Arete Incident Response which negotiated the ransom on behalf of Garmin.
So where do things get sticky?
In December 2019, Evil Corp was sanctioned by the US Treasury Department.
“As a result of today’s designations, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them. Additionally, any entities 50 percent or more owned by one or more designated persons are also blocked. Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons,” wrote the US Treasury.
As Sky News points out, should Garmin have paid the ransom it could be seen as a it “engaging in transactions” with Evil Corp.
Of course, this hinges on Evil Corp being behind the WastedLocker ransomware.
However, Arete Incident Response believes that ties to WastedLocker and Evil Corp are not conclusive. The firm points to four reasons that Evil Corp may not be behind the ransomware but as WastedLocker is relatively new, determining its birthplace is still up for debate.
However, neither Garmin not Arete Incident Response has confirmed that a ransom was paid and we don’t suspect that we will get confirmation from either firm short of an investigation forcing it to reveal that information.
The good news is that Garmin’s systems are mostly restored with some features taking a bit longer to get online. Garmin users can keep up with developments here.