Garmin obtains decryption key to recover files from ransomware attack

GPS giant Garmin has reportedly obtained the decryption key to recover its computer files from a ransomware attack, which started 23 July.

Garmin’s services were taken offline after hackers demanded a $10 million ransom, encrypting the files on the firm’s corporate network with a ransomware virus known as Wasted Locker, believed to be developed by Russian-based hacking group, Evil Corp.

Evil Corp was sanctioned by the US Treasury last December, and sources close to the Garmin incident told Sky News that the company did not directly make a payment to the hackers.

The sanctions detail, “US persons are generally prohibited from engaging in transactions” with cyber criminals”, suggesting Garmin could find itself in an awkward position if it had decided the best route forward was to pay the ransom.

Additionally, if a payment was made through a third party this could also be covered by the Treasury sanctions, and Garmin could potentially be seen as having engaged in the transaction if it contracted a third party to do so on its behalf.

Garmin representatives reportedly declined to comment on these scenarios.

Some of Garmin’s services are beginning to return, albeit not yet at full capacity. The firm has reassured its customers that no data, training activity, payment, nor other personal customer details have been obtained as part of the hack.

Garmin’s website, mobile app and customer service call centres were also taken offline as a result of the incident. The firm hopes to “return to normal operation over the next few days”.

Updates and FAQs on the outage can be seen here.