The attackers demanded $ 10 million from the company to give them a decryption key.
After a four-day break, the Garmin suddenly announced that they were beginning to restore services which made many suspect that he paid the ransom to obtain the decryption keys. However, the company declined to comment.
WastedLocker is one ransomware that targets businesses and has no vulnerabilities in the encryption algorithm. This means that there is no free cryptographer.
So to obtain a decryption function key, the Garmin he must have paid the ransom to the attackers. It is not known how much they paid.
The recovery package acquired by BleepingComputer includes several security software installers, a decryption key, a decryptor for WastedLocker, and a script that can run all of the above.
The script contains a timestamp '25/07/2020', which shows that the ransom was paid on 24 or 25 July.
When BleepingComputer contacted Coveware, they said they did not comment on incidents ransomware referred to in the media.
A similar answer was given by Emsisoft, which stated that it could not comment, but that they create decryption tools and are not involved in ransom payments.
Emsisoft usually creates custom decoders ransomware when tools provided by attackers contain errors or if companies are concerned that they may contain backdoors.
"If the ransom has been paid, but the encryptor provided by the attacker is slow or defective, we can extract the decryption code and create a custom solution that decrypts up to 50% faster with less risk of data loss or loss," she said. Emsisoft on a page of.