Fitness brand Garmin paid millions of dollars in ransom after an attack took many of its products and services offline last month, Sky News reports. The payment was reportedly made through a ransomware negotiation company called Arete IR, in order for Garmin to recover data held hostage as a result of the attack.
BleepingComputer reported last week that Garmin had received a decryption key to access data encrypted by the ransomware, and that the initial ransom demand was for $10 million.
The attack itself began on July 23rd, and put Garmin’s wearables, apps, website, and even its call centers offline for several days. Garmin confirmed that it had been the victim of a cyberattack on July 27th, as many of its services were starting to come back online. Its statement did not say whether it had paid a ransom in response to the attack, but noted that no customer data was accessed, lost, or stolen.
Early on, reports suggested that the fitness brand had been hit by a strain of ransomware called WastedLocker, which is believed to have been developed by individuals linked to a Russia-based hacking group. The group, known as Evil Corp, was placed under sanctions by the US Treasury last December, and Sky News reports that one ransomware negotiation company declined to work with Garmin to resolve the incident over fears of breaking those sanctions.
Arete IR declined to confirm to Sky News whether it had worked with Garmin to respond to the incident, citing “contractual confidentiality obligations to all clients.”