Garmin Services Restored; $10M Ransom Demand

NOTICE: If you have a Garmin paid subscription, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.

gps-phone-mapUPDATE: This article provides updated information regarding a massive Garmin cyberattack on July 23, 2020, affecting Garmin services, including GarminConnect and flyGarmin.

On July 27, 2020, Garmin confirmed that a WastedLocker ransomware attack encrypted the company’s servers worldwide. Services are slowly being restored after multiple days offline.

Initially, Garmin claimed that the outage on July 23, 2020 was due to a maintenance issue. The shutdown affected almost every consumer-facing area, including Garmin’s apps, website, and customer support centers. Millions of users around the world were unable to use their Garmin devices.

Third parties quickly revealed that ransomware was involved. Ransomware infects an organization’s computer systems, encrypting the data and holding it hostage in exchange for compensation to the attackers.

The cyberattackers reportedly demanded a $10 million ransom to produce a custom key to restore Garmin’s data. It is unknown whether Garmin, valued at $18 billion, paid any ransom fees, a transaction that could break U.S. sanctions.

WastedLocker ransomware is associated with Russian cybercriminal group Evil Corp, run by Maksim Yakubets. Evil Corp. has been described as one of the most damaging criminal organizations on the internet. In 2019, the FBI placed a $5 million bounty on Yakubets – the largest reward offered for an alleged cybercriminal.

The group has been operating since 2009 and has caused more than $100 million in financial damages to the U.S. banking system. Last month, Evil Corp. announced that it had launched new ransomware targeting employees working from home for more than 30 major U.S. corporations.

WastedLocker malware is first downloaded on a worker's computer after clicking a malicious software update window. Once installed on the individual's computer, the ransomware begins unlocking permissions on the remote corporate network the person is connected to, with the goal of eventually locking the entire company out of its own systems to extract a ransom payment.

Evil Corp is also known for developing Dridex phishing software that enticed victims in 43 countries outside of Russia to click on malicious links or attachments embedded within the emails. The virus quietly harvested personal and financial data such as online banking credentials – which were subsequently used to drain the victim’s bank accounts.

Garmin currently claims that there is no indication that any customer data, including payment information from Garmin Pay, was accessed, lost, or stolen.

However, Garmin has reportedly hired a team of security experts and consultants to investigate and remediate the security incident. The investigation will include thoroughly evaluating whether any personal information was compromised in the extensive data breach.

California law requires businesses to notify any California resident whose unencrypted personal information was acquired by an unauthorized person.

The Arnold Law Firm will continue to monitor the Garmin data breach as the situation develops. If you have a Garmin paid subscription, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.