Sky News Once Again Claims Garmin Paid The Ransom….. But They Back Up Their Claims This Time

Last week I posted a story with Sky News claiming that Garmin had paid the people behind their ransomware attack. The people behind this are likely Evil Corp for the record as the ransomware that was used was reportedly “wasted locker”. In that story I said this:

The thing is, Sky News offers up no proof whatsoever. At least when the news that Garmin had been pwned by ransomware first appeared, there was proof from a variety of sources to back this up. But that’s not the case here. 

Well, Sky News is back, and they back up their claims this time:

According to people with knowledge of the matter, speaking to Sky News on the condition of anonymity, Garmin had initially sought to pay the ransom using another firm which specialises in responding to these incidents.

However, this firm responded that it didn’t negotiate ransom payments in WastedLocker cases due to the risk of running foul of the sanctions.

The sources said after being initially rebuked, Garmin then sought the services of Arete IR, a firm which claims that the links between the WastedLocker ransomware and sanctioned individuals have not been proven.


Separate sources confirmed to Sky News that Arete IR made the payment as part of its ransomware negotiation services, although Arete argues that WastedLocker is not conclusively the work of Evil Corp.

Neither Garmin nor Arete IR disputed that the payment was made when offered the opportunity to do so.

Arete IR is a company that does the following:

Arete Advisors has assembled an elite global team of incident response experts to create unparalleled capability to assist clients in preparing for and defending themselves against a cyber-attack, from incident response readiness assessments to post-incident remediation and ongoing hunt services. Our core skills include triage, digital forensics, malware reverse engineering, remediation, managed detection response, hunt and testifying expertise. Arete works with organization of all size to provide highly customized advice specific to your industry. Arete’s advisory services provide legally defensible, compliant cyber strategies that assist the C-Suite and Boards of Directors to continuously improve the organizations’ cyber posture, by aligning cyber risk management strategy with corporate risk.

But more interestingly, they also do this:

While some companies require insureds to get funds up front, costing precious hours and days to the clients in crises. Arete, has created a simple, easy way for Breach Coaches and Insureds to immediately respond by facilitating the entire technical and financial process of purchasing the Bitcoin, while managing the negotiation with the bad actor for a flat fee, to be paid in 30 days. Allowing clients to focus on restoring their business to health

Thus it’s safe to conclude that Garmin paid the gang behind the ransomware. And the fact that neither Garmin nor Arete IR deny that they paid underscores that. So Evil Corp or whomever was behind this won. I get that the need for Garmin to get back up and running, but I am a firm believer that you should never pay the ransom as it only encourages these scumbags. So it is unfortunate that the bad guys have effectively won.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: