As more and more triathletes around the world are coming to realize that Garmin Connect is down, making it a challenge to upload their workouts, media outlets are reporting that Garmin is being blackmailed for $10 million to regain access to its data and systems.
BleepingComputer has posted a story in which it confirmed that the ransomware attack Garmin is facing is from a program called WastedLocker. They also cite a source that says “the attackers are demanding a $10 million ransom.”
“WastedLocker basically tries to hit all production data and corrupt/encrypt all backups so you are forced to pay a ransom to restore access,” technology expert Travis Sitzlar, who was formerly the Chief Technologist at Ironman, told us in the story we posted yesterday about Garmin’s outage.
The outage has also affected many of the company’s services that support its aviation navigational equipment including flyGarmin, Connext Services and Garmin Pilot Apps, which prevents pilots from downloading flight plans.
The group behind the WastedLocker ransomware is Evil Corp, which is said to have started up in 2007 creating malware directed at banks. According to ZDNet, the group got into ransomware in 2016, initially aiming at home consumers, but eventually shifting its sights to corporations. Two Russian men, Maksim Yakubets (thought to be the leader of Evil Corp) and Igor Turashev, were indicted by the US Department of Justice last December. The authorities accused Yakubets of stealing tens of millions of dollars through various malware programs. The indictment doesn’t seem to have slowed them down too much, though. The group is said to have started distributing the WastedLocker ransomware in May.
“Ransom demands that are asked by Evil Corp are now typically into the millions,” Maarten van Dantzig, a security researcher with cybersecurity company Fox-IT, told ZDNet in June. “We’ve seen demands of more than $10 million.”
As we reported yesterday, the outage has apparently forced a complete company shutdown. The company’s call centres cannot receive any calls, emails or online chats, and even production at the company’s factories in Taiwan was closed yesterday and today.