Garmin: has the decryption key for WastedLocker Ransomware

Garmin eventually obtained the decryption key to recover its encrypted files after an attack with WastedLocker Ransomware.

On July 23, 2020, Garmin ceased operations worldwide and its customers could not access Garmin Connect, flyGarmin, Strava, inReach services.

The attackers demanded $ 10 million from the company to give them a decryption key.

After a four-day hiatus, Garmin suddenly announced that services were being restored, leading many to suspect that it had paid a ransom to obtain the decryption keys. However, the company declined to comment.

Today, BleepingComputer gained access in a package created by Garmin IT department to decrypt a workstation and then install security software on the machine.

WastedLocker is one ransomware business-oriented and has no weaknesses in the encryption algorithm. This means that there is no free cryptographer.

So in order to obtain a decryption function key, Garmin must have paid the ransom to the attackers. It is not known how much they paid.

The recovery package acquired by BleepingComputer includes various security software installers, a decryption key, a decoder for WastedLocker, and a script that can run all of the above.

The script contains a timestamp '25/07/2020', which shows that the ransom was paid on 24 or 25 July.

The cryptographer included in the package contains references to both the cybersecurity company Emsisoft as well as ransomware trading company, Coveware.

When BleepingComputer contacted Coveware, they said they did not comment on ransomware reported in the media.

A similar answer was given by Emsisoft, which stated that it could not comment, but that they create decryption tools and are not involved in ransom payments.

Emsisoft typically creates custom ransomware decryptors when the tools provided by attackers contain errors or if companies are concerned that they may contain backdoors.

"If the ransom has been paid, but the decryptor provided by the attacker is slow or defective, we can extract the decryption code and create a custom solution that decrypts up to 50% faster with less risk of damage or data loss," she said. Emsisoft on a page of.