Garmin (NASDAQ:GRMN) reportedly paid a multimillion ransom to a group of Russian hackers who go by the name of Evil Corp in exchange for a decryption key to unlock files on its corporate network.
The ransomware attack by the hackers last month caused outages for several days on various networks such as Garmin Connect, which affected its smartwatches and fitness trackers, and flyGarmin, the company's navigational support service for pilots.
Garmin has not confirmed it paid a ransom, which could possibly run afoul of U.S. sanctions placed against Evil Corp. But BleepingComputer, the site that first reported the attack, says it confirmed Garmin received the decryption key.
A case of Russian interference
On July 23, Garmin services began experiencing outages that took down websites, call centers, email, and online chats. The attack was the result of the WastedLocker ransomware virus that has been attributed to Evil Corp.
Last December, the U.S. Treasury sanctioned the group, saying it was working directly with Russian intelligence agencies. Anyone "engaging in transactions" with Evil Corp are subject to prosecution.
The first company Garmin supposedly turned to to pay the ransom declined because it did not want to run afoul of the sanctions. A second company, Arete IR, which published a study saying Evil Corp's association with WastedLocker is not certain, reportedly agreed to serve as the middleman and facilitate the transaction.
According to BleepingComputer, there are no known flaws in the WastedLocker algorithm, which means the decryption key cannot be made available for free. Since Garmin subsequently regained control over its networks, it means the ransom was paid. Employees told the website the amount demanded was $10 million.
Garmin told Sky News it "does not comment on rumor and speculation."