Finally, the Garmin managed to obtain the decryption key to recover her files that were encrypted after a WastedLocker Ransomware attack.
On July 23, 2020, Garmin ceased operations globally and its customers were unable to access Garmin services Connect, flyGarmin, Strava, inReach.
The attackers demanded $ 10 million from the company to give them a decryption key.
After a four-day outage, Garmin suddenly announced that they had begun restoring services, leading many to suspect that it paid the ransom to obtain the decryption keys. However, the company refused to say anything.
Today, BleepingComputer gained access in a package created by Garmin IT department to decrypt a workstation and then install security software on the machine.
WastedLocker is one ransomware business-oriented and has no weaknesses in the encryption algorithm. This means that there is no free cryptographer.
So in order to obtain a decryption function key, Garmin must have paid the ransom to the attackers. It is not known how much they paid.
The recovery package acquired by BleepingComputer includes various security software installers, a decryption key, a decoder for WastedLocker, and a script that can run all of the above.
Το script περιέχει μια χρονική σήμανση '25/07/2020', το οποίο δείχνει ότι τα λύτρα πληρώθηκαν στις 24 ή στις 25 Ιουλίου.
The cryptographer included in the package contains references to both the cybersecurity company Emsisoft as well as ransomware trading company, Coveware.
When BleepingComputer contacted Coveware, they said they did not comment on ransomware reported in the media.
A similar answer was given by Emsisoft which stated that it could not comment, but that they create decryption tools and are not involved in ransom payments.
Emsisoft typically creates custom ransomware decryptors when the tools provided by attackers contain errors or if companies are concerned that they may contain backdoors.
"Εάν τα λύτρα έχουν πληρωθεί, αλλά ο αποκρυπτογράφος που παρέχεται από τον εισβολέα είναι αργός ή ελαττωματικός, μπορούμε να εξαγάγουμε τον κωδικό αποκρυπτογράφησης και να δημιουργήσουμε μια προσαρμοσμένη λύση που αποκρυπτογραφεί έως και 50% ταχύτερα με μικρότερο κίνδυνο ζημιάς ή απώλειας δεδομένων", αναφέρει η Emsisoft on a page of.
