An ongoing global outage at sports and fitness technology giant Garmin was caused by a ransomware attack, according to two sources with direct knowledge of the incident.
The incident started late Wednesday and continued until the weekend. It disrupted the company's online services for millions of users, including Garmin Connect, which synchronizes user activity and data with the cloud and other devices. The attack also brought flyGarmin, its flight navigation and route planning service, to a standstill.
Parts of the Garmin website were also offline at the time of writing.
Garmin has said little about the incident so far. A banner on its website says, "We currently have a failure that affects Garmin.com and Garmin Connect. This failure also affects our call centers. We are currently unable to receive calls, emails, or online chats. We are working to resolve this issue as soon as possible and apologize for the inconvenience."
In a brief update on Saturday, Garmin said there was "no evidence that this failure affected your data, including activity, payment, or other personal information."
The two sources, who spoke on condition of anonymity as they are not authorized to speak to the press, told theinformationsuperhighway that Garmin had tried to put its network back online after the ransomware attack. One of the sources confirmed that the WastedLocker ransomware was responsible for the outage.
Another news agency appeared to confirm that the outage was caused by WastedLocker.
WastedLocker is a new type of ransomware, described by security researchers at Malwarebytes in May and operated by a hacker group called Evil Corp. Like other malware that encrypts files, WastedLocker infects computers and locks the user's files, normally in exchange for a ransom demanded in cryptocurrency.
Malwarebytes said that unlike other recent ransomware strains, WastedLocker does not appear to be able to steal or exfiltrate data before the victim's files are encrypted. This means that companies with backups can avoid paying the ransom. However, companies without backups have faced ransom demands of up to $10 million.
The FBI has also long discouraged victims from paying ransoms in malware attacks.
Evil Corp has a long history of malware and ransomware attacks. The group, allegedly led by a Russian citizen, Maksim Yakubets, is known to have used Dridex, a powerful malware that has stolen more than $100 million from hundreds of banks over the past decade. Later, Dridex was also used as a means of delivering ransomware.
Yakubets, who remains at large, was indicted by the Department of Justice last year for allegedly playing a part in the “unimaginable” amount of cybercrime the group has carried out in the past decade, the U.S. Attorney General said.
The Treasury also sanctioned Evil Corp, including Yakubets and two other suspected members, for participating in the decades-long hacking campaign.
The imposition of sanctions makes it almost impossible for US-based companies to pay the ransom, even if they choose to, because US citizens are "generally prohibited from doing business with them," according to a Treasury statement.
Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft, said these sanctions made it "particularly complicated" for US-based companies dealing with WastedLocker infections.
"WastedLocker has been attributed by some security companies to Evil Corp, and well-known Evil Corp members – who are said to have loose ties to the Russian government – have been sanctioned by the US Treasury Department," Callow said. "Because of these sanctions, US people are generally prohibited from doing business with these known members. This appears to create a legal minefield for any company that may be considering paying a WastedLocker ransom," he said.
Efforts to contact the alleged hackers have been unsuccessful. The group uses different email addresses in each ransom note. We sent an email to two known email addresses related to a previous WastedLocker incident, but received no response.
A Garmin spokesman could not be reached on Saturday by phone or email for a comment. (Garmin's email servers had been down since the beginning of the incident.) Messages sent via Twitter were also not returned. We will update when we hear something.