A global outage underway at the sports and fitness giant Garmin it was caused by a ransomware attack, according to two sources with direct knowledge of the accident.
The incident started late Wednesday and continued throughout the weekend, causing the company's online services to cease for millions of users, including Garmin Connect, which synchronizes user activity and data with the cloud and other devices. The attack also brought down flyGarmin, its air navigation service and route planning.
Parts of the Garmin website were offline even at the time of writing.
So far Garmin has said little about the accident. A banner on its website reads: "We are currently experiencing an outage affecting Garmin.com and Garmin Connect. This outage also affects our call centers and we are currently unable to receive calls, e-mails or online chats. We are working to resolve the issue as quickly as possible and apologize for the inconvenience. "
The two sources, who spoke on condition of anonymity since they are not authorized to speak to the press, told ProWellTech that Garmin was trying to bring its network online after the ransomware attack. One of the sources confirmed that the WastedLocker ransomware was responsible for the termination.
Another store confirmed that the outage was caused by WastedLocker.
WastedLocker is a new type of ransomware, first discovered by Malwarebytes security researchers in May, managed by a group of hackers known as Evil Corp. Like other file-encrypting malware, WastedLocker infects computers and locks files on the computer. user in exchange for a ransom, typically required in cryptocurrency.
Malwarebytes claimed that WastedLocker does not steal or exfiltrate data before encrypting the victim's files, unlike other more recent ransomware strains. This means that companies with backups may be able to avoid paying the ransom. But companies without backups faced ransom demands of up to $ 10 million.
The FBI has also long discouraged victims from paying ransoms related to malware attacks.
Evil Corp has a long history of malware and ransomware attacks. The group, allegedly led by a Russian citizen Maksim Yakubets, is known to have used Dridex, a powerful password-stealing malware that has been used to steal more than $ 100 million from hundreds of banks in the past decade. Subsequently, Dridex was also used as a means of providing ransomware.
Yakubets, who remains in general, was indicted by the Justice Department last year for his allegedly unimaginable amount of cybercrime in the group in the past decade, according to US prosecutors.
The Treasury also imposed sanctions on Evil Corp, including Yakubets and two other alleged members, for their involvement in the decades-long hacking campaign.
With the imposition of sanctions, it is almost impossible for US-based companies to pay the ransom - even if they wanted to - given that US citizens are "generally prohibited from entering into transactions with them," according to a Treasury statement.
Brett Callow, threat analyst and ransomware expert at security firm Emsisoft, said that these penalties make it "particularly complicated" for US-based companies dealing with WastedLocker infections.
"WastedLocker has been attributed by some security companies to Evil Corp, and the well-known members of Evil Corp - which allegedly have loosened ties to the Russian government - have been sanctioned by the US Treasury," said Callow. "As a result of these sanctions, U.S. people are generally prohibited from making transactions with those known members. This would appear to create a legal minefield for any company that might consider paying a WastedLocker ransom, "he said.
Efforts to contact the alleged hackers have not been successful. The group uses different email addresses in each ransom note. We have sent an email to two known email addresses associated with a previous WastedLocker incident, but have not received a response.
On Saturday, a Garmin spokesman was not reached for a comment by phone or email. (Garmin email servers have been inactive since the incident.) Messages posted on Twitter have also not been returned. We will update if we hear again.
