https://news.sky.com/story/garmin-obtains-decryption-key-after-ransomware-attack-12036761

Exclusive

Garmin obtains decryption key after ransomware attack

The company's services have started to recover following a ransomware attack by cyber criminals sanctioned in the US.

Alexander J Martin, technology reporter (@AJMartinSky)

Monday 27 July 2020 20:04, UK

Image: Garmin was targeted with a virus known as WastedLocker. Photo: TOBIAS SCHWARZ/AFP via Getty Images

Smartwatch maker Garmin has obtained the decryption key to recover its computer files from a ransomware attack last Thursday, Sky News has learned.

Last week, Garmin's services were taken offline after hackers infected the company's networks with a ransomware virus known as WastedLocker.

A number of the company's services are operational again and the business has now confirmed the "cyber attack" for the first time, stating: "Affected systems are being restored and we expect to return to normal operation over the next few days."

Last week, the malicious software encrypted the files on Garmin's corporate network and demanded a ransom be paid in order for the files to be decrypted, essentially shuttering the firm's entire business.

Security sources who spoke to Sky News said WastedLocker is believed to be developed by Evil Corp, a hacking group based in Russia which was sanctioned by the US Treasury last December.

The sanctions mean that "US persons are generally prohibited from engaging in transactions" with the cyber criminals, although the US Treasury did not respond to questions about whether the general prohibition applied in the circumstances of extortion.

Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company - an American multinational which is publicly listed on the NASDAQ - did not directly make a payment to the hackers.

If a payment was made through a third party it could also be covered by the Treasury sanctions, which warn: "Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons."

Any ransom payment would be specific to Garmin, paid using contact details left in a tailored message the virus included alongside the encrypted files, meaning the company could potentially be seen as having engaged in the transaction if it contracted a third party to do so on its behalf.

Garmin's representatives declined to respond to repeated offers by Sky News to challenge the sources' claims, stating the company "does not comment on rumour and speculation".

Image: Members of Evil Corp indicted last year. (L-R) Kirill Slobodskoy, Maksim Yakubets, Dimitriy Slobodskoy, Artem Yakubets. Pic: NCA

Last week, the company confirmed to customers that it was "experiencing an outage that affects Garmin Connect", the service used by owners of the company's smartwatches to track their running performance and other health and fitness goals.

Garmin's website, mobile app and customer service call centres were also taken offline as a result of the incident.

A representative for Garmin told Sky News that they did not have any information to share regarding the ransom payment.

They stated: "We are working to restore our systems as quickly as possible and apologise for the inconvenience. Additional updates will be provided as they become available."

In a fresh statement, the company said: "We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.

"Additionally, the functionality of Garmin products was not affected, other than the ability to access online services."

However, Brett Callow, a cyber security researcher at Emsisoft, told Sky News: "Absence of indication is not indication of absence."

Image: Evil Corp members have purchased sports cars with their stolen funds. Pic: NCA

A growing cyber criminal threat facing companies involves something called post-intrusion encryption, in which the victim's machines are encrypted after the criminals have stolen data.

This stolen data is then usually leaked piecemeal on the criminals' "name and shame" websites in order to extort a ransom payment from the victim.

Victims of such extortion have included a US nuclear missile military contractor and foreign exchange company Travelex.

Although stolen information may not be released after a ransom is paid, it could still be held by the criminals and potentially used to target the individuals it belongs to.