Finally the Garmin managed to obtain the decryption key to recover its encrypted files after an attack with WastedLocker Ransomware.
On 23 July 2020, the Garmin ceased to operate globally and its customers could not access the services Garmin Connect, flyGarmin, Strava, inReach.
The attackers demanded $ 10 million from the company to give them a decryption key.
After a four-day break, the Garmin suddenly announced that they were beginning to restore services which made many suspect that he paid the ransom to obtain the decryption keys. However, the company declined to comment.
Today, BleepingComputer gained access in a package created by its IT department Garmin to decrypt a workstation and then install security software on the machine.
WastedLocker is one ransomware that targets businesses and has no vulnerabilities in the encryption algorithm. This means that there is no free cryptographer.
So to obtain a decryption function key, the Garmin he must have paid the ransom to the attackers. It is not known how much they paid.
The recovery package acquired by BleepingComputer includes several security software installers, a decryption key, a decryptor for WastedLocker, and a script that can run all of the above.
The script contains a timestamp '25/07/2020', which shows that the ransom was paid on 24 or 25 July.
The cryptographer included in the package contains references to both the cybersecurity company Emsisoft as well as in the trading company ransomware, Coveware.
When BleepingComputer contacted Coveware, they said they did not comment on incidents ransomware referred to in the media.
A similar answer was given by Emsisoft, which stated that it could not comment, but that they create decryption tools and are not involved in ransom payments.
Emsisoft usually creates custom decoders ransomware when tools provided by attackers contain errors or if companies are concerned that they may contain backdoors.
"If the ransom has been paid, but the encryptor provided by the attacker is slow or defective, we can extract the decryption code and create a custom solution that decrypts up to 50% faster with less risk of data loss or loss," she said. Emsisoft on a page of.
Tux an interesting story about the Linux mascot
Comment Policy:
IGuRu.gr does not post comments directly. Malicious comments, comments that include ads, or comments with insults are deleted without any notice. We do not adopt the views expressed by our readers.
Your comments will be displayed after approval by the administrators