Skip to main content

Garmin systems return to normal, as questions arise whether the $10 million ransom was paid

Garmin Edge 1030 and accessories
Garmin Edge 1030 and accessories (Image credit: Josh Ross)

After last week's reports that Garmin was subject of a ransomware attack by WastedLocker, Garmin has issued a statement confirming its systems were subject to a 'cyber attack', but announces that it expects "to return to normal operation over the next few days." 

The malware affected more than just cycling services such as Strava uploads, with Garmin's automotive and aviation departments also seeing outages, but the Garmin System Status page confirms that its services are beginning to return to full capacity, showing a mix of 'online' or 'limited' across its various services. 

To view the statement, or for answers to frequently asked questions, head to Garmin

In its statement, Garmin fails to confirm the exact nature of the cyber attack and makes no mention of ransomware. In the days since the outage began, it was widely reported that anonymous sources from within the company admitted WastedLocker ransomware to be the cause. 

We previously reported that rides are beginning to re-sync with Strava, but in the days since, speculation has been building among news and tech publications as to how Garmin has resolved the problems. 

According to a press release from December 2019, Evil Corp, the Russia-based group behind the hack, was hit with sanctions by the US Treasury. The press release states: "U.S. persons are generally prohibited from engaging in transactions with [Evil Corp]" which essentially means it would be illegal for Garmin to have paid the ransom. 

An article from Sky News explains that Garmin has obtained the decryption key, however, the article uses interesting wording: "Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company - an American multinational which is publicly listed on the NASDAQ - did not directly make a payment to the hackers."

Forbes has since speculated that the $10 million could be a tax-deductible expense, and Experts speaking to The Times explained that Garmin 'must have' paid the ransom. 

Beyond the obvious legal implications, the wider consideration at hand is whether paying a ransom would open up Garmin to other opportunistic hackers who come to see the American brand as an easy target. While the company vehemently denies that any sensitive data was breached, if the brand does become a target for future attacks, customers may not be so lucky next time. 

Cyclingnews has reached out to Garmin for clarification but is yet to receive a reply.