Garmin services began to slowly return Monday morning after the company was hacked and allegedly held to ransom by Russian group Evil Corps, who demanded $10 million to restore their operation.
Tens of millions of people around the world found the firm’s GPS and fitness-trackers, including those used by runners, cyclists and pilots, down for a fifth day Sunday.
Garmin is yet to comment on the service return or the hacking claims amid reports they were ordered to pay the ransom by the cybercriminal group headed by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a customized $250,000 Lamborghini.
The company had said on Twitter that its website and Garmin Connect fitness app had been offline since Thursday. It said the ‘flyGarmin’ site used for aviation databases was also down. Customers said Monday their services had ‘partially’ returned. One wrote: ‘For the first time in over 4 days, Garmin Connect seems sorta back up. It’s a bit touch and go, but it’s waking up.’
In December 2019, the FBI placed a $5 million bounty on Yakubets head for information leading to his capture. It is the largest reward being offered for an alleged criminal connected to cybercrime.
Yakubets’ latest target seems to have been Garmin, which has still offered no explanation for their outage, but security analysts said the reason is likely ransomware, a technique used by hackers to encrypt data and extort funds. The malware has been linked to a Russian cybercriminal group known as Evil Corp.
Maksim Yakubets speaks with a police officer. Yakubets drives a customized Lamborghini Huracan supercar with a personalized number plate that translates to the word ‘Thief’
Maksim Viktorovich Yakubets, 33, is believed to be the head of Russian hacking group Evil Corp and responsible for the attack on Garmin’s systems. The FBI has a $5 million reward for information that leads to his capture
Users reported Garmin services began to slowly return Monday morning after the system was hacked
In December 2019, the U.S. Treasury Department sanctioned Evil Corp after causing more than $100 million in financial damages in the American banking system.
As a result, if Garmin had wanted to pay a ransom, it could potentially be found to be breaking United States sanctions.
Yakubets is alleged to have run Evil Corp since May 2009 from the basements of Moscow cafes.
He is said to have employed dozens of people to steal money from victims in 43 countries using computer viruses that are designed to target only victims outside Russia.
The ‘malware’ is downloaded when a victim clicks on an email attachment and remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts.
Operating online under the name Aqua, the hacker and his associates are accused of stealing at least $100million. US treasury officials also say Yakubets has provided ‘direct assistance to the Russian government’ by acquiring confidential documents for the FSB security agency.
He was also said to be part of a scheme in which Russian intelligence agencies recruit criminals to hack national security targets.
Yakubets, a Russian national originally from Ukraine, is still at large, as is his administrator Igor Turashev, 38.
In December, 15 people associated with the hacking group were sanctioned by the US treasury. Many are believed to be living in Moscow.
If Yakubets leaves Russia, he will be arrested and extradited to America to face charges. Financial sanctions have been imposed on him by the US, but privately, insiders say the chances of him setting foot outside Russia remain small.
Yakubets is known to be a flamboyant character and along with his flash cars, one of which is a customized Lamborghini with a number plate that reads THIEF in Russian, he is known to have splashed out on a pet tiger and lion cubs.
He is described as untouchable in the Russian capital, Moscow, where he regularly films himself driving ‘doughnuts’ around police, with tires screeching, in one of his fleet of supercars – ‘cash rich with fast cars’ bought from the proceeds of fraud.
For a decade the multi-millionaire is said to have run the world’s most harmful cyber-crime group.
Yakubets, who has also worked for Russia’s FSB intelligence agency, is said to live like a king, splurging more than $250,000 on his wedding.
He married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya.
She is believed to be the owner of a chain of Moscow stores selling Italian luxury clothing called Plein Sport and graduated from the Higher School of Economics in Moscow in 2014. Benderskaya is believed to be Yakubets’ second wife.
Her father, Yakubets’ father-in-law, is a former officer with an elite special-forces unit of the FSB, Eduard Bendersky but it is also believed that some of his spy work for the organization rubbed off on his daughter.
Benderskaya is known to be a founder of several companies called Vympel-Aktiv and Vympel-Protekt which are linked to the FSB’s Special Purpose Center, known mainly for counterterrorism operations and ‘foreign sabotage operations’ according to RadioFreeEurope.
In April 2018, Yakubets was in the process of obtaining a license to work with classified Russian information from the Russian spy agency, the FSB – the Federal Security Service of the Russian Federation.
The FSB was the main successor agency to the KGB.
Yakubets was also responsible for recruiting and managing a network of individuals to Evil Corps who would then be responsible for facilitating the movement of money illicitly.
Yakubets was married at a golf club north of Moscow in summer 2017 to glamorous businesswoman Alyona Benderskaya who runs a chain of Italian luxury clothing stores
Maksim Yakubets’ wedding in 2017 to Alyona Benderskaya whose father-in-law works for FSB
Yakubets’ father-in-law, is a former officer with an elite special-forces unit of the FSB, Eduard Bendersky but it is also believed that some of his spy work for the organization rubbed off on his daughter and she is now also involved in some of the FSB-related ‘charities’ that he sits on
Over the past five days, Garmin, a company valued at $18 billion, is said to have become Yakubets’ latest target. On Sunday night, even the company’s website was unable to load properly.
The security news website Bleeping Computer described Garmin as being attacked by the WastedLocker ransomware. The ransomware attack works by encrypting the company’s data, rendering it inaccessible to employees. Evil Corp is said to have demanded a $10 million ransom for the data to be freed up.
Screenshots show lists of the company’s files encrypted by the malware, with a ransom note individually attached to each file.
The note tells the recipient to contact one of two email addresses to ‘get a price for your data’.
It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter.
It has been described by officials as one of the most damaging criminal organizations on the internet.
Yakubets is alleged to have run the operation since May 2009 from the basements of Moscow cafes.
He is said to have employed dozens of people to steal money from victims in 43 countries using computer viruses that are designed to target only victims outside Russia.
The ‘malware’ is downloaded when a victim clicks on an email attachment and remains hidden on their computer to harvest their personal and financial data such as online banking details – which is subsequently used to drain their accounts.
In December, 15 people associated with the hacking group were sanctioned by the US treasury. Many are believed to be living in Moscow.
‘Yakubets is a true 21st century criminal,’ U.S. Assistant Attorney General Brian Benczkowski said in December last year ‘He’s earned his place on the FBI’s list of the world’s most wanted cyber criminals.’
I despise people like him. They are vile with no m…
The comments below have not been moderated.
By posting your comment you agree to our house rules.
We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline. To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook.
You can choose on each post whether you would like it to be posted to Facebook. Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy.
Published by Associated Newspapers Ltd
Part of the Daily Mail, The Mail on Sunday & Metro Media Group