RUSSIAN hackers Evil Corp reportedly ordered Garmin to pay $10million to end a debilitating ransomware attack that has left millions of customers unable to use their devices for four days.
The GPS technology specialist is also suffering disruption to its aviation navigational support services FlyGarmin and Garmin Pilot apps after the cyberattack.
Garmin Connect, the app that users of the company's wearable devices rely on to sync and monitor their fitness activities, has been significantly affected since last Thursday morning.
A cause is yet to be confirmed by Garmin but ZDNet reports several employees claim it is a ransomware attack known as WastedLocker.
A source close to the Garmin cyber response and a Garmin employee also confirmed to BleepingComputer that the WastedLocker ransomware attacked Garmin.
The BleepingComputer website shared images reportedly from Garmin staff, showing that hackers had attached ransom notes to corrupted files.
The website claimed they had come from a cybercriminal group based in Russia and were demanding a $10million (£7.8m) payment.
WastedLocker is ransomware operated by a malware exploitation group commonly known as the Evil Corp gang.
The group is led by super-wealthy Russian Maksim Yakubets, 33, dubbed "the world's biggest cyber crook".
The playboy is being sought by the FBI – which has placed a $5million (£3.9m) bounty on his head for information leading to his arrest or conviction.
The agency said last year that Yakubets is "wanted for his involvement with computer malware that infected tens of thousands of computers in both North America and Europe, resulting in actual financial losses in the tens of millions of dollars".
Specifically, Yakubets was involved in the installation of malicious software known as "Zeus", which was disseminated through phishing emails and used to capture victims’ online banking credentials.
Yakubets is also allegedly the leader of the Bugat/Cridex/Dridex malware conspiracy wherein he oversaw and managed the development, maintenance, distribution, and infection of the malware, says the FBI.
BleepingComputer was told by a Garmin employee that they first learned of the attack when they arrived at their office on Thursday morning.
The firm's IT department had "tried to remotely shut down all computers on the network as devices were being encrypted, including home computers connected via VPN", BleepingComputer explains.
But, as they were unable to do so, employees were ordered to shut down any computer on the network that they had access to.
A photo of a Garmin computer shared with BleepingComputer shows encrypted files with the .garminwasted extension appended to each file's name, and ransom notes were also created for each file.
Last year The Sun reported how Yakubets, who has been accused of cheating Britons out of hundreds of millions of pounds, married the daughter of Eduard Bendersky – a retired senior officer in Vladimir Putin’s security service the FSB – in an extravagant £250,000 wedding.
Western law enforcement alleges Yakubets – as head of Evil Corp hacker group – has actively worked with the Russian Federal Security Service since 2017.
Yakubets is accused of using computer viruses to fleece British and US victims of hundreds of millions of pounds.
Video and pictures emerged of the alleged super-hacker’s £250,000-plus wedding at a golf club north of Moscow to glamorous businesswoman Alyona Benderskaya.
The Mail Online reports Yakubets is alleged to have run Evil Corp since May 2009 from the basements of Moscow cafes.
Dozens of his employees have reportedly hacked and stolen money from people in 43 countries – but never Russia.
Yakubets flaunts his immense wealth by showing off in a customised $250,000 Lamborghini with a license plate that boasts 'thief' in Russian.
The possible ransomware attack on Garmin has affected the firm's website and call centres, including its ability to receive calls, emails and online chats.
The Sunday Times reported that the Garmin hack attack also hit some services used by pilots, including weather and position reports and flight plans.
It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter.
Writing on Twitter, Garmin said: "We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time.
"This outage also affects our call centres and we are currently unable to receive any calls, emails or online chats.
"We are working to resolve this issue as quickly as possible and apologise for this inconvenience."
The cyberattack comes after sinister Russian hackers Cozy Bear have struck again, by trying to steal Britain’s coronavirus vaccine.
UK cyber-spies have accused the group of launching a new campaign to snatch the secrets of the prototype Covid-19 jab.
HOW THE OUTAGE AFFECTS GARMIN CUSTOMERS
Garmin says it "has no indication that this outage has affected data, including activity, payment or other personal information".
inReach SOS and messaging remain fully functional and are not impacted by the outage. This includes the MapShare website and email reply page.
Although Garmin Connect is not accessible during the outage, activity and health and wellness data collected from Garmin devices during the outage is stored on the device and will appear in Garmin Connect once the user syncs their device.
Garmin says: "We are working as quickly as possible to restore Garmin Connect functionality."