Finally, the Garmin κατάφερε να αποκτήσει το κλειδί αποκρυπτογράφησης για να ανακτήσει τα αρχεία της που είχαν κρυπτογραφηθεί μετά από μια επίθεση με το WastedLocker Ransomware.
On July 23, 2020, Garmin ceased operations globally and its customers were unable to access Garmin services Connect, flyGarmin, Strava, inReach.
The attackers demanded $ 10 million from the company to give them a decryption key.
After a four-day hiatus, Garmin suddenly announced that services were being restored, leading many to suspect that it had paid a ransom to obtain the decryption keys. However, the company declined to comment.
Today, BleepingComputer gained access in a package created by Garmin's IT department to decrypt a workstation and then install security software on machine.
WastedLocker is one ransomware business-oriented and has no weaknesses in the encryption algorithm. This means that there is no free cryptographer.
So in order to obtain a decryption function key, Garmin must have paid the ransom to the attackers. It is not known how much they paid.
The recovery package acquired by BleepingComputer includes various security software installers, a decryption key, a decoder for WastedLocker, and a script that can run all of the above.
The script contains a timestamp '25/07/2020', which shows that the ransom was paid on 24 or 25 July.
The cryptographer included in the package contains references to both the cybersecurity company Emsisoft as well as ransomware trading company, Coveware.
When BleepingComputer contacted Coveware, they said they did not comment on ransomware reported in the media.
A similar answer was given by Emsisoft, which stated that it could not comment, but that they create decryption tools and are not involved in ransom payments.
Emsisoft typically creates custom ransomware decryptors when the tools provided by attackers contain errors or if companies are concerned that they may contain backdoors.
“If the ransom has been paid, but the decryptor provided by the attacker is slow or faulty, we can extract the decryption code and create a custom solution that decrypts up to 50% faster with smaller risk of data damage or loss,” says Emsisoft on a page of.
