Users of the American company Garmin, one of the world’s largest manufacturers of navigation equipment and “smart” watches, faced a multi-hour failure of its services on July 22. The Garmin Connect service, designed to sync data on the physical activity of smartwatch owners, became completely unavailable, and the company’s official website and support service were disrupted: Garmin could not receive calls or emails from customers.
The services remained unavailable for several days, until July 27, an unusual situation for an international corporation as large as Garmin (Garmin’s revenue in 2019 amounted to more than $3.7 billion). According to some public sources, the cause of the failure was a cyberattack on Garmin’s resources. The new WastedLocker ransomware, which appeared back in May, operates like other similar malware according to a particular scenario: it encrypts the victim’s data, deletes the original files, and then demands a huge sum as ransom. To “unlock” the data, the hackers demand that the ransom be transferred in cryptocurrency, usually in bitcoins. It is impossible for the victim to restore data without backup copies.
According to the conclusions of Malwarebytes analysts, the creators of WastedLocker are the hacker group Evil Corp. The group became known worldwide when the banking trojan Dridex infected thousands of computers around the world and was used for blackmail, fraud and identity theft. The impunity of Evil Corp costs the affected companies dearly. According to the US authorities, the total amount of damage caused by the group exceeds $100 million. The British authorities estimate damage to the UK alone at several hundred million pounds. They call Evil Corp the most significant threat in the field of cybercrime.
At the moment, Garmin services are gradually being restored. The Garmin Connect platform is available in a limited mode, and devices have started downloading data for syncing, but the process may take a long time, up to seven days. At the same time, paying a “ransom” is not an option: Evil Corp is subject to sanctions from the US authorities, so if Garmin attempts to negotiate and pay the amount requested by the fraudsters, it is likely to face criminal prosecution, since American companies are prohibited from participating in any transactions with members of the group. Besides, it doesn’t make sense to collaborate with the hackers, as they are unable to provide any guarantees in case the ransom is paid.