Will Garmin pay $10 Million ransom in order to bring to an end ransomware attack after three days?

29

View
comments

Garmin devices are down for fourth day after being hacked by Russian group Evil Corps who’ve demanded $10m. 

Multiple reports indicate that Garmin has been ordered to pay the ransom by the cybercriminal group headed by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a Lamborghini.

In December 2019, the FBI placed a $5 million bounty on Yakubets head leading for information to his capture.  

Garmin has still offered no explanation for the outage but security analysts said the reason is likely ransomware, a technique used by hackers to encrypt data and extort funds.     

The company said on Twitter that its website and Garmin Connect fitness app had been offline since Thursday. It said the ‘flyGarmin’ site used for aviation databases was also down.

On Sunday night, even the company’s website was unable to load properly.  

The security news website Bleeping Computer reported that a source familiar with the incident said Garmin was attacked by the WastedLocker ransomware.

The ransomware attack encrypted the company’s data, and the hackers responsible for the attack have asked for a $10 million ransom for the data to be freed up. 

Screenshots show lists of the company’s files encrypted by the malware, with a ransom note individually attached to each file.

The ransom note tells the recipient to email one of two email addresses to ‘get a price for your data’.

It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter. 

Some reports have linked the malware to a Russian cybercriminal group known as Evil Corp.  

In December 2019, the U.S. Treasury Department sanctioned Evil Corp after causing more than $100 million in financial damages in the American banking system. 

As a result, if Garmin wanted to pay the ransom, the could potentially be found to be breaking United States sanctions. 

Evil Corp is a Russia-based cybercriminal organization, headed by Maksim Yakubets, who are believed to be responsible for ransomware attack against Garmin.

The group are known for the development and distribution of Dridex malware which worked to steal confidential information, including online banking credentials from infected computers. 

In 2016, it was estimated the group had managed to obtain banking credentials from customers at more than 300 banks and financial institutions in more than 40 countries earning them at least $100 million, though it is likely that the total amount of their illicit proceeds is significantly higher.

Evil Corp targets banks primarily located in the United States and the United Kingdom. 

The Dridex software was spread using phishing emails that would entice victims to click on malicious links or attachments embedded within the emails. 

Evil Corp would then use compromised credentials to fraudulently transfer funds from victims’ bank accounts to those of bank accounts controlled by the group. 

Evil Corp is known to be one of the world’s most prolific cybercriminal organizations and operates as a business run by a group of individuals based in Moscow, Russia.

Worldwide, cybercrime results in losses that total in the billions of dollars, while in the United States, financial institutions and other businesses remain prime targets for cybercriminals. 

In December 2019, the Department of State along with the United Kingdom’s National Crime Agency announced a $5 million reward for information leading to the capture of its leader, Maksim Yakubets, who is thought to be responsible for managing and supervising the group’s malicious cyber activities.  

The U.S. Treasury has evidence that Yakubets works directly with the Russian government assisting in its pursuit of malicious cyber attacks but he is also not shy about his work.

 Yakubets drives a customized Lamborghini supercar with a personalized number plate that translates to ‘Thief’.

In April 2018, Yakubets was in the process of obtaining a license to work with classified Russian information from the Russian spy agency, the FSB – the Federal Security Service of the Russian Federation. The FSB was the main successor agency to the KGB. 

Yakubets was also responsible for recruiting and managing a network of individuals to Evil Corps who would then be responsible for facilitating the movement of money illicitly.

The ransomware attack has led to a shutdown of many of Garmin’s systems. 

Employees working from home connecting by VPN were also cut off from Garmin’s systems in an effort to halt the spread of the ransomware across its network. 

Garmin been largely silent on the outage. On Saturday the company tweeted ‘We are currently experiencing an outage that affects Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.’ 

Brent Callow, a threat analyst at the security firm Emsisoft, said he had no firsthand knowledge but that it ‘certainly has all the hallmarks of a ransomware incident.

‘There is really no other event that would be likely to cause such widespread disruption and cause a company to immediately shut down everything from its online services to its production line,’ Callow said.

 

Garmin’s online fitness tracking service is offline leaving runners and cyclists unable to upload data from their latest workouts.

Garmin Connect, an app and website that works with the company’s popular line of fitness watches, remained out of service on Sunday. The company apologized for the disruption at the end of last week when it indicated the problem was more widespread and also affected its communications systems.

Garmin Aviation, which provides cockpit navigation and communication services, said on its Facebook page its ‘flyGarmin’ website and mobile app were down.   

Fitness enthusiasts took to social media to vent their frustrations about not being able to use the service.  

Runners said that while the outage doesn’t stop them from training, not being able to use Garmin Connect means they can’t track their workout data or share their routes on Strava, a social network for runners and cyclists.

Atlanta tech executive Caroline Dunn, who runs five days a week and finished the New York Marathon in 2018, said the outage means she and her running friends can’t send each other kudos – Strava’s version of Facebook’s likes – to encourage each other. 

‘We’re not doing this for our health, we’re doing this so that we can brag to our friends,’ Dunn said lightheartedly. ‘Now that we’re all social distancing, I don’t run in a group with my friends and they don’t watch me run. I have to brag online to my friends about all of my runs.’

The outage is also preventing athletes from proving that they’ve completed virtual runs that are replacing the many races cancelled because of the pandemic, Dunn said. Runners who use the Garmin system can’t be ranked because they can’t submit GPS data to organizers.

Connecticut runner Megan Flood saw the prolonged outage as both a curse and a blessing.

‘It’s frustrating in part because my Garmin is connected to my Strava (fitness app), and I like the community aspect on Strava,’ Flood, 27, said Friday. ‘But sometimes not being so connected to my device is nice. I’ve run some of my best races when I forgot my watch or covered my watch face, so I find there are pros and cons to be so connected to a watch.’ 

Tech-savvy users shared a workaround: plug the watch into a computer with a USB cable and manually transfer the files.

Some users also complained that Garmin’s lack of communication was a bigger problem. 

Read more: