Garmin suspects 'Evil Corp' behind the major outage

Garmin, GPS and smartwatch manufacturer is slowly recovering from a major outage caused by a cyberattack. The company did not detail the nature of the incident, but it's thought to be the work of 'Evil Corp', a prolific ransomware group which asked for $10m.

Evil Corp has traditionally targeted larger companies than most ransomware attempts, with focused attacks on banks, media organizations, and technology companies. The group so far has not done what other ransomware gangs often do - leak information. WastedLocker, as far as security researchers know, doesn't include data theft functions. 

The company said in a statement, “Garmin was the victim of a cyberattack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen." 

Garmin’s aviation database services, flyGarmin, which supports aviation navigational equipment, were also impacted. Factories were brought down for 'maintenance.'

The company said that "affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage." 

The ransomware attack variant is thought to be WastedLocker, used by Evil Corp.

The group is allegedly led by Russian Maksim Yakubets, who is wanted by the FBI for his involvement with computer malware that infected tens of thousands of computers in both North America and Europe, resulting in actual financial losses in the tens of millions of dollars.

The agency currently has a $5m bounty on Yakubets' head, the highest ever offered for a cybercriminal.