Garmin Paid Millions in Ransom After Hack

Some analysts believe the ransomware used in the attack is tied to an infamous Russian cybercriminal ring.

 

There was a time when consumers only knew Garmin for the tiny little square boxes you suctioned to your front windshield. And while they seem a little cumbersome now, they were part of a GPS revolution that kicked the road atlas to the curb and ushered in the era of turn-by-turn navigation.

Well, Garmin actually has its teeth in several different industries, including aviation, but is now most known for its wearables division, where it offers a wide array of devices like smart watches and fitness trackers. No suction cup required.

Unfortunately for Garmin, a recent breach compromised its entire operation when an alleged cyberattack knocked many of its services and systems offline. And recent reports suggest that it may have been even more nefarious than we realized, saying that Garmin was forced to pay a multi-million-dollar ransom to get its files back.

According to Engadget, the cyberattacker hasn’t officially been identified, but some analysts feel the ransomware used is believed to be tied to a Russian cybercriminal ring called Evil Corp.

But if it was Evil Corp., and Garmin did pay a ransom —two points that are so far unconfirmed — then things could get a little hairy. That’s because the U.S. sanctioned Evil Corp. last year and prohibited the entity from “engaging in transactions with U.S. companies.”

According to Engadget, a third party, Arete Incident Response, which worked with Garmin on handling the situation, has said it doesn’t believe it was conclusively dealing with the barred entity in this case, and that it "follows all recommended and required screenings to ensure compliance with U.S. trade sanctions laws."

More in Video