A Rumor Claims That Garmin “Obtained” The Decryption Key To Get Their Data Back…. The Facts Say That Garmin Is Down Again

A report from Sky News says that Garmin has “obtained” the decryption key to get them out of their ransomware mess:

Smartwatch maker Garmin has obtained the decryption key to recover its computer files from a ransomware attack last Thursday, Sky News has learned.

The thing is, Sky News offers up no proof whatsoever. At least when the news that Garmin had been pwned by ransomware first appeared, there was proof from a variety of sources to back this up. But that’s not the case here. And what makes this report questionable:

Security sources who spoke to Sky News said WastedLocker is believed to be developed by Evil Corp, a hacking group based in Russia which was sanctioned by the US Treasury last December

The sanctions mean that “US persons are generally prohibited from engaging in transactions” with the cyber criminals, although the US Treasury did not respond to questions about whether the general prohibition applied in the circumstances of extortion.

Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company – an American multinational which is publicly listed on the NASDAQ – did not directly make a payment to the hackers.

So if Garmin did make the payment, they didn’t do so directly to try and evade the fact that paying Evil Corp would be illegal. That’s not unusual as I have heard of these third party payments to ransomware gangs happening in other situations. It all depends on how much the data is worth to the organization that got pwned.

But let’s move from rumor to fact. Garmin Connect is down again based on their status page as of 10PM Monday. Here’s a screenshot:

This has stretched the patience of Garmin users as it was partially up earlier today, which gave Garmin users some hope. But any hope is likely gone now and Garmin is now back to handling a PR disaster. If everything that happened over the weekend wasn’t going to drive Garmin customers to competitive products, I’m going to guess that this latest incident will.

It sure sucks to be Garmin right now.

UPDATE: As of 11:15 PM Garmin Connect appears to be back to being somewhat online.

2 Responses to “A Rumor Claims That Garmin “Obtained” The Decryption Key To Get Their Data Back…. The Facts Say That Garmin Is Down Again”

  1. […] Straight Talk About Information Technology From A Nerd Who Speaks English « A Rumor Claims That Garmin “Obtained” The Decryption Key To Get Their Data Back…. … […]

  2. […] week I posted a story with Sky News claiming that Garmin had paid the people behind their ransomware attack. The people […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: