Skip to main content

Garmin reportedly used decryption key, may have paid ransom after cyberattack

GPS technology company Garmin is recovering from a recent ransomware attack and has reportedly received a decryption key to recover its files, suggesting it may have paid a ransom, as uncovered by Bleeping Computer.

The site found that the attackers used the WastedLocker Ransomware and reported that they demanded $10 million as a ransom. Now, it also uncovered that Garmin is using a decryption key to regain access to its files, suggesting that the company may have paid that ransom demand or some other amount. The WastedLocker software uses encryption which has no known weaknesses, so the assumption is that to break it, the company must have paid the attackers for the decryption key.

Garmin was the victim of the ransomware attack at the end of July, when hackers succeeded in shutting down services including Garmin Connect, the network which syncs data for Garmin customers using wearables such as watches. Affected systems came back online within a few days, but services continued to be slow for some users.

As well as the inconvenience for wearables users, the hack had some people worried about more serious consequences as well. Some aviation navigation software like the flyGarmin app was also affected, meaning it could have been in breach of Federal Aviation Authority (FAA) requirements.

The company reassured customers that no customer data was stolen, and that no payment information from the Garmin Pay payment system was accessed or stolen either.

On Twitter, the company announced last week, “We are happy to report that many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation. Some features still have temporary limitations while all of the data is being processed.”

When asked for comment on these reports, a Garmin representative pointed Digital Trends to a statement the company made about the incident last week and said it had no further comments at this time.

Update August 3, 2020: Added response from Garmin

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
North Korea may have stolen U.S. fighter jet blueprints in a recent cyberattack
A hand on a laptop in a dark surrounding.

The most concerning heists of the 21st century don't involve big banks or casinos, cracking open a safe, or fast getaway cars (sorry Ocean's fans). Rather, thieves in our digital day and age are relying upon cyberattacks to steal valuable information, and in one of the most recent plots, North Korean hackers are said to have stolen "tens of thousands of documents related to the defense industry -- including U.S. fighter jet designs."

The theft was the result of an attack on South Korean companies and government agencies that ultimately compromised 140,000 computers, Reuters reports. A total of 40,000 defense-related materials were stolen, including the blueprints for wings of F-15 fighter jets. These blueprints appear to have been obtained from Korean Air Lines, which serves as a contract manufacturer for the military of South Korea.
“North Korea turns out to have been preparing for a long time to try to launch a countrywide cyberattack,” South Korea's Korean National Police Agency said.

Read more
Ransomware attackers refuse to decrypt hospital's files after being paid off
ransomware hospital hackers demand more money ransomeware

Negotiating with criminals doesn't always work out, as Kansas Heart Hospital in Wichita learned last week. The hospital paid to get files back after falling victim to ransomware, but only got "partial access" and a demand for more money, Techspot is reporting.

That's right: the criminals got their ransom, and then decided they wanted more money. The hospital's president, Dr. Greg Duick says the hospital is not paying up.

Read more
"We are sorry!" TeslaCrypt ransomware authors release decryption key
A hand on a laptop in a dark surrounding.

The developers of the notorious TeslaCrypt ransomware have called it a day and released a master decryption key for all of their victims to retrieve their encrypted files.

Security researchers at ESET had been tracking the number of infections at the hands of TeslaCrypt, which is a piece of ransomware that encrypts the users’ files and holds them up for a bitcoin ransom. But the researchers noticed a considerable dip in TeslaCrypt cases, with other forms of ransomware becoming more prevalent like CryptXXX.

Read more