With Garmin back online, many people probably don’t care how Garmin resolved the WastedLocker ransomware attack that was carried out on its systems last week. Reports suggested ransomware was involved, and there are now more indications that this was the case.
According to Sky News, Garmin paid a “multi-million dollar ransom” via a third-party company called Arete Incident Response to regain access to its files and systems.
BleepingComputer was the first company to confirm that Garmin was not doing maintenance on its systems but had in fact suffered a major security breach, with many systems encrypted by the WastedLocker ransomware, disabling all access to the systems it affected. They acquired this information from employees who shared photos of encrypted workstations, and it looks like the latest bit of news comes via similar sources.
BleepingComputer has now gained access to an executable created by the Garmin IT department to decrypt a workstation and then install a variety of security software on the machine.
The executable confirms that the attack was the WastedLocker ransomware. This is a particularly effective piece of software, in that it is effectively impossible to create a decryptor without being supplied the decryption key directly by the perpetrator.
Arete Incident Response, which helps companies secure their networks and resolve attacks, recently suggested that WastedLocker was not conclusively the work of Evil Corp. It published a study on that topic the day after Garmin said it was attacked. Arete told Sky News it “follows all recommended and required screenings to ensure compliance with US trade sanctions laws.”