GPS technology company Garmin is recovering from a recent ransomware attack and has reportedly received a decryption key to recover its files, suggesting it may have paid a ransom, as uncovered by Bleeping Computer.
The site found that the attackers used the WastedLocker Ransomware and reported that they demanded $10 million as a ransom. Now, it also uncovered that Garmin is using a decryption key to regain access to its files, suggesting that the company may have paid that ransom demand or some other amount. The WastedLocker software uses encryption which has no known weaknesses, so the assumption is that to break it, the company must have paid the attackers for the decryption key.
Garmin was the victim of the ransomware attack at the end of July, when hackers succeeded in shutting down services including Garmin Connect, the network which syncs data for Garmin customers using wearables such as watches. Affected systems came back online within a few days, but services continued to be slow for some users.
As well as the inconvenience for wearables users, the hack had some people worried about more serious consequences as well. Some aviation navigation software like the flyGarmin app was also affected, meaning it could have been in breach of Federal Aviation Authority (FAA) requirements.
The company reassured customers that no customer data was stolen, and that no payment information from the Garmin Pay payment system was accessed or stolen either.
On Twitter, the company announced last week, “We are happy to report that many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation. Some features still have temporary limitations while all of the data is being processed.”
When asked for comment on these reports, a Garmin representative pointed Digital Trends to a statement the company made about the incident last week and said it had no further comments at this time.
Update August 3, 2020: Added response from Garmin
