Evil Corp demands a £7.8m ransom from Garmin following ransomware attack

Russian hacker group Evil Corp has reportedly told Garmin to pay a ransom of £7.8 million after encrypting the company's computer systems via a ransomware attack last Thursday.

The ransomware attack took Garmin's website, mobile apps, and customer service call centres offline on Thursday, leaving the company unable to receive any calls, emails, or online chats. Aside from affecting Garmin.com and Garmin Connect, the cyber attack also affected Garmin's aviation database services as well as flyGarmin, a critical service that supports the company's aviation navigational equipment.

"We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience," the company said in a brief update on its website.

According to various reports, the ransomware attack was carried out by Russian hacker group Evil Corp which is headed by 33-year-old Maksim Yakubets. Yakubets and his associate Igor Turashev were indicted in the U.S. in December last year for conducting Dridex and Zeus financial malware campaigns through Evil Corp that cost UK and US organisations hundreds of millions of pounds in financial losses.

Evil Corp used Dridex, WastedLocker, and Zeus malware to target major U.S. corporations

Evil Corp has now demanded a ransom of $10 million (£7.78 million) from Garmin to enable the company to regain access to its encrypted servers and websites. While it remains to be seen if Garmin is communicating with the hacker group or whether it is inclined to pay the ransom, it is not the only major corporation that has been targeted by the group of late.

In June, Symantec said that Evil Corp attempted to deploy the WastedLocker ransomware in networks and servers owned by dozens of major U.S. corporations, eight of whom were Fortune 500 companies and eleven were listed companies.

"At least 31 customer organisations have been attacked, meaning the total number of attacks may be much higher. The attackers had breached the networks of targeted organisations and were in the process of laying the groundwork for staging ransomware attacks," Symantec said.

"The attacks begin with a malicious JavaScript-based framework known as SocGholish, tracked to more than 150 compromised websites, which masquerades as a software update. Once the attackers gain access to the victim’s network, they use Cobalt Strike commodity malware in tandem with a number of living-off-the-land tools to steal credentials, escalate privileges, and move across the network in order to deploy the WastedLocker ransomware on multiple computers.

"Had the attackers not been disrupted, successful attacks could have led to millions in damages, downtime, and a possible domino effect on supply chains," Symantec added. It is not clear if the ransomware attack on Garmin involved the use of WastedLocker, but it is certainly causing a lot of damage to the company.

Evil Corp represents the most significant cyber crime threat to the UK: NCA

The U.S. FBI described Maksim Yakubets as a prominent Russian hacker who drives a customised Lamborghini supercar with a personalised number plate that translates to ‘Thief’ and spent over a quarter of a million pounds on his wedding. Yakubets is presently subject to a $5 million US State Department reward – the largest ever reward offered for a cyber criminal.

The agency said that Evil Corp is "the world’s most harmful cyber crime group" and malware strains developed and distributed by the hacker group "have been considered among the world’s most prominent cyber threats, responsible for enabling fraud, stealing data, and theft from businesses and individuals."

It added that Yakubets used multiple online identities, primarily that of "Aqua", to run criminal campaigns aimed at targeting individuals and organisations with financial malware such as Dridex and Zeus, stealing private and personal data from infected systems, exploiting such data to steal money, and laundering the money back to himself and his associates.

"It is our assessment that Maksim Yakubets and Evil Corp – the cyber crime group he controls – represent the most significant cyber crime threat to the UK," said Lynne Owens, Director General of the NCA.

"The significance of this group of cyber criminals is hard to overstate; they have been responsible for campaigns targeting our financial structures with multiple strains of malware over the last decade. We are unlikely to ever know the full cost, but the impact on the UK alone is assessed to run into the hundreds of millions.

"While the harm caused by this group has targeted mainly financial institutions, there is no doubt that their activity has had real world impacts, defrauding and stealing from victims in the UK and worldwide. The Lamborghini Yakubets drives was someone’s life savings, now emptied from their bank account," Owens added.

MORE ABOUT:

Leave a Reply