- Garmin reportedly paid a ransom through an intermediary, Arete IR, to recover from a cyberattack.
- The move theoretically helped Garmin recover without violating sanctions.
- The payout is believed to be a ‘multi-million’ sum.
Garmin may have recovered from a days-long ransomware attack simply by paying the ransom — albeit through indirect means.
Sky News sources claim the fitness watch maker paid a “multi-million dollar” sum to the attackers through Arete IR to restore Garmin Connect and other vital functionality knocked out through the WastedLocker malware.
The company purportedly tried to pay the ransom through an unnamed specialist in such incidents. That firm refused Garmin due to the risks of violating US sanctions targeting Evil Corp, the Russian cybercrime group allegedly linked to the attack. Garmin turned to Arete IR, which cast doubt on the link between WastedLocker and the sanctioned attackers.
Read more: The best security apps for Android
Garmin didn’t comment on the latest claims. An Arete spokesperson said the company “cannot discuss” clients due to confidentiality agreements, but that it honors “all recommended and required screenings” to honor US sanctions.
If true, this wouldn’t be shocking. Ransomware isn’t easy to overcome while avoiding the ransom, and this affected the very heart of Garmin’s business. It couldn’t afford to spend a long time trying to recover its data while users went without important features. What money Garmin would pay through a ransom would be trivial compared to lost sales and a soured reputation.
At the same time, a payment wouldn’t be great for tech industry security. Cybercriminals might feel empowered knowing that a large company like Garmin felt compelled to pay. Crooks might not rush to target other tech giants, but they could wield ransomware against outfits that might have otherwise gone unscathed.