Will Garmin pay a $10 million ransom to bring the ransomware attack to an end after three days?

Russian playboy hacker holds Garmin to ransom: Lamborghini driving 33-year-old who runs Evil Corp and has $5m FBI bounty on his head has crippled the firm for the fifth day – and demanded $10m to give it back

  • Garmin is being asked to pay a $10 million ransom after a cyberattack has taken down its systems and apps, including its website, for five days 
  • The navigation company was hit by a ransomware attack on Thursday with customers unable to log their fitness sessions in Garmin apps ever since
  • It’s believed a Russian cybercriminal group known as Evil Corp is behind the attack
  • In December 2019, the U.S. Treasury Department sanctioned Evil Corp after it caused more than $100 million in financial damages in the U.S. banking system
  • Maksim Viktorovich Yakubets, 33, is believed to be the head of Evil Corp
  • Yakubets is known to work directly with the Russian government in carrying out malicious cyber attacks 
  • As a result, if Garmin wanted to pay the ransom, it could potentially be found to be breaking United States sanctions
  • Pilots have also been unable to use the aviation app, along with other problems
  • The company’s communication systems have also been disabled and it now appears to be unable to respond to frustrated and disgruntled customers 
  • Some tech websites have reported that the company has been hit by a ransomware attack but the company hasn’t confirmed it 
  • Last month it was revealed Evil Corp had launched a new wave of ransomware attacks that has affected at least 31 major American corporations

By James Gordon For Dailymail.com

Published: 20:25 EDT, 26 July 2020 | Updated: 00:04 EDT, 27 July 2020

Millions of people around the world have found their Garmin devices, including those used by runners, cyclists and pilots, are down for a fifth day after being hacked by Russian group Evil Corp, who are demanding a $10m ransom to restore their operation.

Garmin has been ordered to pay the ransom by the cybercriminal group headed by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a customized $250,000 Lamborghini. 

In December 2019, the FBI placed a $5 million bounty on Yakubets’ head for information leading to his capture. It is the largest reward being offered for an alleged criminal connected to cybercrime.

Maksim Yakubets speaks with a police officer. Yakubets drives a customized Lamborghini Huracan supercar with a personalized number plate that translates to the word 'Thief'

Maksim Viktorovich Yakubets, 33, is believed to be the head of Russian hacking group Evil Corp and responsible for the attack on Garmin's systems. The FBI has a $5 million reward for information that leads to his capture

Yakubets’ latest target is Garmin who have still offered no explanation for their outage, but security analysts said the reason is likely ransomware, a technique used by hackers to encrypt data and extort funds.     

The company said on Twitter that its website and Garmin Connect fitness app had been offline since Thursday. It said the ‘flyGarmin’ site used for aviation databases was also down.

On Sunday night, even the company’s website was unable to load properly.  

The security news website Bleeping Computer reported that a source familiar with the incident said Garmin was attacked by the WastedLocker ransomware.

The ransomware attack encrypted the company’s data, and the Evil Corp hackers behind the attack have demanded a $10 million ransom for the data to be freed up.

Screenshots show lists of the company’s files encrypted by the malware, with a ransom note individually attached to each file.

The ransom note tells the recipient to email one of two email addresses to ‘get a price for your data’.

It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter. 

Yakubets, married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya who runs a chain of Italian luxury clothing stores

Maksim Yakubets wedding in 2017 to Alyona Benderskaya whose father-in-law works for FSB

The malware has been linked to a Russian cybercriminal group known as Evil Corp.  

In December 2019, the U.S. Treasury Department sanctioned Evil Corp after it caused more than $100 million in financial damages in the American banking system.

As a result, if Garmin wanted to pay the ransom, it could potentially be found to be breaking United States sanctions.

Evil Corp is a Russia-based cybercriminal organization, headed by Maksim Yakubets, which is believed to be responsible for the ransomware attack against Garmin

Files shared from a Garmin employee show how a ransomware file had been attached to each one, giving the user details of what to do next in order to retrieve their data

A tweet shows the email address that Garmin workers were told to email in order to restore access to their data

A note from the hackers has been attached to every single data file within Garmin's systems along with details as to how the company will be able to restore access after paying a ransom

The company's communication systems have also been disabled and it now appears to be unable to respond to frustrated and disgruntled customers

The navigation company was hit by a ransomware attack on Thursday with customers unable to log their fitness sessions in Garmin apps ever since

An outage map shows just how big of a problem the company's apps are experiencing

Evil Corp targets banks primarily located in the United States and the United Kingdom. 

The Dridex software was spread using phishing emails that would entice victims to click on malicious links or attachments embedded within the emails. 

Evil Corp would then use compromised credentials to fraudulently transfer funds from victims’ bank accounts to accounts controlled by the group.

Evil Corp is known to be one of the world’s most prolific cybercriminal organizations and operates as a business run by a group of individuals based in Moscow, Russia. 

In June, it was revealed how Evil Corp had breached 31 major American corporations with a new ransomware attack targeting employees working from home.

The cybersecurity firm Symantec first announced the breach and attributed it to WastedLocker.

The FBI is offering a $5 million reward for info that leads to the capture of Maksim Yakubets who is known to work directly with the Russian government in carrying out malicious cyber attacks

Maksim Yakubets, second from left, is believed to be the leader of Evil Corp. He is pictured alongside, from left, Kirill Slobodskoy, Dimitriy Slobodskoy, Artem Yakubets, far right

Members of Evil Corp are living a lavish lifestyle, funded by the life savings of their victims.

If Maksim Yakubets, who used the online identity of ‘Aqua’, ever leaves the safety of Russia he will be arrested and extradited to the US. pic.twitter.com/BdoaxZrFBK

— National Crime Agency (NCA) (@NCA_UK) December 5, 2019

The firm declined to disclose the identities of the targeted companies, but they include eight Fortune 500 companies and one major news publication.

‘They are going after the biggest American firms, and only American firms.’

According to Symantec, the ransomware is first downloaded on a worker’s computer after clicking a malicious software update window.

Once installed on the person’s computer, the ransomware begins unlocking permissions on the remote corporate network the person is connected to, with the goal of eventually locking the entire company out of its own systems to extract a ransom payment.

According to Symantec, the software update window that initiates the entire process has come from any one of 150 legitimate websites whose security Evil Corp has breached.

WastedLocker is part of a major expansion in hacking attempts focused specifically on major American businesses and government services in recent months.

Russian native Yakubets owns a customized Lamborghini with a number plate that reads THIEF in Russian (pictured). He provided a 'Malware' software which was downloaded by people who clicked on an email attachment which arrived in their inbox and stole their bank details

A Lamborghini Huracan and Audi R8 which were apparently used by Evil Corp members

One of Maksim's supercars which has been intricately designed and customized

Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals. 

In December 2019, the Department of State along with the United Kingdom’s National Crime Agency announced a $5 million reward for information leading to the capture of Evil Corp’s leader, Maksim Yakubets, who is thought to be responsible for managing and supervising the group’s malicious cyber activities.

The U.S. Treasury has evidence that Yakubets works directly with the Russian government assisting in its pursuit of malicious cyber attacks but he is also not shy about his work. 

Yakubets is known to have splashed out on a pet tiger and lion cubs, and owns a customized Lamborghini with a number plate that reads THIEF in Russian.

He is described as untouchable in Moscow, where he regularly films himself driving ‘doughnuts’ around police, with tires screeching, in one of his fleet of supercars. 

For a decade the multi-millionaire is said to have run the world’s most harmful cyber-crime group.

Yakubets, who has worked for Russia’s FSB intelligence agency, is said to live like a king, splurging more than $250,000 on his wedding. 

He married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya.

She is believed to be the owner of a chain of Moscow stores selling Italian luxury clothing called Plein Sport and graduated from the Higher School of Economics in Moscow in 2014. Benderskaya is believed to be Mr Yakubets’ second wife.

Her father, Eduard Bendersky, Yakubets’ father-in-law, is a former officer with an elite special-forces unit of the FSB, but it is also believed that some of his spy work for the organization rubbed off on his daughter.

Benderskaya is known to be a founder of several companies called Vympel-Aktiv and Vympel-Protekt, which are linked to the FSB’s Special Purpose Center, known mainly for counterterrorism operations and ‘foreign sabotage operations’, according to RadioFreeEurope.

In April 2018, Yakubets was in the process of obtaining a license to work with classified Russian information from the Russian spy agency, the FSB – the Federal Security Service of the Russian Federation. The FSB was the main successor agency to the KGB. 

Yakubets was also responsible for recruiting and managing a network of individuals for Evil Corp who would then be responsible for facilitating the illicit movement of money.

Evil Corp relies upon a number of core individuals to carry out critical logistical, technical, and financial functions such as managing the Dridex malware, supervising the operators seeking to target new victims, and laundering the proceeds derived from the group’s activities.

Some of the other members cited for allegedly ‘providing material assistance’ in this way, according to Treasury, are Dmitriy Smirnov, Artem Yakubets, Ivan Tuchkov, Andrey Plotnitskiy, Dmitriy Slobodskoy and Kirill Slobodskoy. 

The ransomware attack has led to a shutdown of many of Garmin’s systems. 

Employees working from home connecting by VPN were also cut off from Garmin’s systems in an effort to halt the spread of the ransomware across its network. 

Garmin has been largely silent on the outage. On Saturday the company tweeted ‘We are currently experiencing an outage that affects Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.’

Andrey Plotnitskiy, who authorities identified as another member of Evil Corp

Maksim Yakubets, 33, has been named the world's biggest cyber criminal after he allegedly ran the world's most harmful cyber-crime group Evil Corp

Igor Turashev was involved in helping Evil Corp exploit victims’ networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware software

Maksim Yakubets, 32, left, has been named the world’s biggest cyber criminal running Evil Corp. Igor Turashev, right, is also allegedly involved in helping Evil Corp exploit victims’ networks. As of 2015, Turashev served as an administrator for Yakubets and had control over the Dridex malware software

Evil Corp have long been behind international computer hacking and bank fraud schemes, which allow members of the group to purchase supercars such as this Audi

The Garmin Connect software can be seen unsuccessfully attempting to contact the company's servers to upload fitness data. The experience has frustrated customers

One Twitter user posted an image that showed how their Garmin smartwatch was not able to be updated

Brent Callow, a threat analyst at the security firm Emsisoft, said he had no firsthand knowledge but that it ‘certainly has all the hallmarks of a ransomware incident.

‘There is really no other event that would be likely to cause such widespread disruption and cause a company to immediately shut down everything from its online services to its production line,’ Callow said.

Garmin’s online fitness tracking service is offline leaving runners and cyclists unable to upload data from their latest workouts.

Garmin Connect, an app and website that works with the company’s popular line of fitness watches, remained out of service on Sunday. The company apologized for the disruption at the end of last week when it indicated the problem was more widespread and also affected its communications systems. 

Garmin Aviation, which provides cockpit navigation and communication services, said on its Facebook page its ‘flyGarmin’ website and mobile app were down.   

Fitness enthusiasts took to social media to vent their frustrations about not being able to use the service.

Runners said that while the outage doesn’t stop them from training, not being able to use Garmin Connect means they can’t track their workout data or share their routes on Strava, a social network for runners and cyclists. 

Some Garmin users were furious that the company had not explained the reason for its outage in five days, while others mocked those who claimed it was disrupting their exercise routines

Atlanta tech executive Caroline Dunn, who runs five days a week and finished the New York Marathon in 2018, said the outage means she and her running friends can’t send each other kudos – Strava’s version of Facebook’s likes – to encourage each other. 

‘We’re not doing this for our health, we’re doing this so that we can brag to our friends,’ Dunn said lightheartedly. ‘Now that we’re all social distancing, I don’t run in a group with my friends and they don’t watch me run. I have to brag online to my friends about all of my runs.’

The outage is also preventing athletes from proving that they’ve completed virtual runs that are replacing the many races cancelled because of the pandemic, Dunn said. Runners who use the Garmin system can’t be ranked because they can’t submit GPS data to organizers.

A selection of Garmin's most popular products is shown above in a file photo

Smartwatch maker Garmin is suffering widespread outages after it was reportedly targeted in a ransomware attack. A notification about the update is seen on the company's website

Connecticut runner Megan Flood saw the prolonged outage as both a curse and a blessing.

‘It’s frustrating in part because my Garmin is connected to my Strava (fitness app), and I like the community aspect on Strava,’ Flood, 27, said Friday. ‘But sometimes not being so connected to my device is nice. I’ve run some of my best races when I forgot my watch or covered my watch face, so I find there are pros and cons to be so connected to a watch.’ 

Tech-savvy users shared a workaround: plug the watch into a computer with a USB cable and manually transfer the files.

Some users also complained that Garmin’s lack of communication was a bigger problem. 

Some Twitter users were quick to mock the situation Garmin and its wearers find themselves in
