The company is said to have used an intermediary to avoid US sanctions.
To regain access to internal files and systems after a hacker attack, Garmin paid the criminals a “multimillion ransom” through an intermediary, according to Sky News reports.
To negotiate with the hackers, Garmin turned to cybersecurity specialists, but they refused to cooperate with the hackers directly, fearing sanctions from the American authorities.
Criminals attacked Garmin systems with WastedLocker ransomware. According to Fox-IT and MalwareBytes experts, the cybercriminals asked for an amount between $500,000 to $10 million in BTC. Russia Evil Corp, which is under US sanctions, is suspected of hacking. To avoid US sanctions, Garmin was unable to pay them directly so they proceeded with a third-party.
Garmin asked Arete IR for help. After their own investigation, Arete IR couldn’t find any links between WastedLocker and the Russian company.
On July 23, 2020, Garmin’s online services, website and communication systems became unavailable. The company could partially restore access on July 27. It confirmed a cyberattack. Some employees reported that the systems were disrupted by the WastedLocker ransomware virus.