Garmin reportedly paid the ransom to get rid of the ransomware

The company seemed to have come out of it alone, under its own strength. Instead, an investigation reveals that the wearable device maker reportedly paid the ransom to cybercriminals to overcome the attack that paralyzed its IT systems.

During the last weekend of July, the computer systems of Garmin, a company that produces wearable devices, were taken hostage by ransomware. While an initial investigation suggested that the company had managed to get rid of the virus with a simple backup, researchers at BleepingComputer have now discovered that the company received the decryption key to recover files encrypted by the ransomware, called WastedLocker.

The attack

Let's recap: from 23 to 27 July, Garmin had to deal with a ransomware infection, previously reported by Wired. The cybercriminals who targeted the company managed to take its computer systems hostage, compromising the operation of millions of wearable devices for athletes, the company's call centers and corporate email.

For the "modest" sum of $10 million, however, they would reportedly have sent Garmin the decryption key needed to get its computer systems back.

BleepingComputer's analysis

BleepingComputer's experts analyzed the attack code, confirming that the ransomware used to target Garmin was a new ransomware strain.

The BleepingComputer experts then came into possession of an executable created by Garmin's IT department to decrypt a machine infected with the ransomware. By analyzing the tool, they came to the conclusion that Garmin reportedly did pay the ransom to the cybercriminals to obtain the decryption key that was used to create the executable in question.

“To obtain a working decryption key, Garmin must have paid the ransom to the attackers. It is not known how much has been paid, but as previously stated, an employee had told BleepingComputer that the ransom demand was $10 million,” says BleepingComputer in a note on its website.

The tool used to free the machines from the ransomware would decrypt the computer and then install security software useful for preventing a new attack by WastedLocker.

Analysis of the decryptor used by Garmin showed references to the IT security company Emsisoft and the ransomware negotiation service Coveware. When contacted, neither released any comment on the attack.
