Garmin Facing US Probe Over Payments To Terrorists Via Third Party After Cyber Attack
Garmin is believed to be under investigation by US authorities for paying cyber terrorists millions of dollars via a third party after its data operations were taken down in a major hack attack by an organisation called Evil Corp.
The US company, which likes to present itself as squeaky-clean, appears to have had no hesitation in paying Evil Corp, which has been sanctioned by the US Treasury as a terrorist organisation.
ChannelNews understands that the company was hit by a strain of ransomware called WastedLocker, which is believed to have been developed by individuals linked to a Russia-based hacking group.
The group, known as Evil Corp, was placed under sanctions by the US Treasury last December, and Sky News in the UK claimed that one ransomware negotiation company declined to work with Garmin to resolve the incident over fears of breaking those sanctions.
This means that Garmin could be in breach of US laws, as it is illegal for companies to pay a terrorist organisation.
The attack began on July 23rd, with the terrorist group taking down Garmin's apps, website, and even its call centre. After being offline for days, the company was suddenly back online, with insiders tipping that Garmin paid millions to get a decryption key allowing it to recover files and data.
The company has not said whether it paid a ransom in response to the attack, but noted that no customer data was accessed, lost, or stolen.
BleepingComputer claims that what Garmin got for its money was an executable file that unlocked its network.
BleepingComputer claims that they were able to uncover references in the file to ransomware negotiation firm Coveware, and cybersecurity firm Emsisoft, indicating that Coveware may have negotiated a deal with Evil Corp and Emsisoft may have assisted Garmin in streamlining the decryption.
Neither company offered specific comment, although it seems plausible that a third party like Coveware – acting on Garmin’s behalf – negotiated with and paid Evil Corp, then billed Garmin for services performed.
It’s also not known whether Garmin will disclose the payment in its financials or treat it as a simple payment to a third-party company for IT services.
BleepingComputer said that they believe Garmin must have paid the ransom because of the lack of known weaknesses in the WastedLocker virus.
Code from a Garmin-developed executable reviewed by BleepingComputer suggests the company paid the ransom on either July 24th or July 25th, and the publication confirmed that the executable was able to decrypt sample files encrypted by WastedLocker.