Business Today

This Russian hacker is likely behind ransomware attack on Garmin

Garmin is battling a ransomware attack and is struggling to take control of its networks. Now details emerge of a 33-year-old Russian hacker, Maksim Yakubets, who is likely behind it.

twitter-logoAnkit Kumar | July 27, 2020 | Updated 14:34 IST
The hacker group behind the Garmin attack is suspected to be Evil Corp, run by Russian hacker Maksim Yakubets.


  • Garmin has reportedly lost control of its network and computers that power its services.
  • The company has acknowledged service disruption in its services, including Garmin Pilot.
  • There are reports that Maksim Yakubets is behind the ransomware attack on Garmin.

Internet is the only fuel which has been fuelling small and big organizations during these challenging times. However, the National Security Agency National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint warning, asking organizations to develop capabilities which should allow them to immediately disconnect their key infrastructure from the internet and go manual. The NSA/CISA advisory came on the day when sports and fitness giant Garmin faced an outage, allegedly caused by a ransomware attack.

The hacker group behind the Garmin attack is suspected to be Evil Corp, run by Russian hacker Maksim Yakubets. According to the US Federal Bureau of Investigation (FBI) records, Maksim works under pseudo-name "AQUA". Earlier, the FBI had also announced a $5 million reward for information leading to the arrest or conviction of Yakubets.

The Garmin hack

Garmin, the US based multinational tech firm, which also has its presence in India announced last week that it has been facing an outage which the company wasn't able to fix by Monday morning. Although the company did not officially acknowledge the ransomware attack, inside accounts have confirmed to India Today that "the administrators did not have full control of some of their operational technology assets during the outage". Independent accounts have also posted leaks showing alleged extracted ransom notes, which corroborates the ransomware attack.

The company specializes in GPS technology and wearable technology which includes health tracker and fitness watches. Garmin India did not answer specific questions asked by India Today although; it released a carefully drafted public statement which said, "Garmin has no indication that this outage has affected your data, including activity, payment or other personal information".

What is a Ransomware Attack?

It's a type of cyber-attack where attackers encrypt the victim's file which may be critical to run their operations. These files cannot be accessed by the previous admins without the new keys or passwords and hence in order to regain control of their own data, the victims end up paying ransom money to the attacker, often in the form of crypto-currencies. While the exact amount sought by the attackers from Garmin is not yet known, going by the global scale of it, the hack is one of the biggest public ransomware attacks in recent times.

The Hacker with Lamborghini

The 33 years old Russian hacker has been charged in the US and Europe for causing "financial losses in the tens of millions of dollars". In December 2019, UK's National Crime Agency released video footage of Maksi, where he was shown living an open luxurious life with his customized Lamborghini in Russia.

"If Maksim Yakubets, who used the online identity of 'Aqua', ever leaves the safety of Russia he will be arrested and extradited to the US" NCA Director Rob Jones said in a statement.

Maksim who allegedly runs his operation from the basements of Moscow cafes has employed around dozens people including 38 years old Igor Turashev, who is believed to be his administrator and controls the Dridex malware.

According to the FBI, Yakubets is also allegedly the leader of the Bugat/Cridex/Dridex malware conspiracy which "allegedly conspired to capture online banking credentials, and to use these captured credentials to steal money from the victims' bank accounts".

Yakubets was indicted in the Western District of Pennsylvania, on November 13, 2019, and was charged with Conspiracy, Conspiracy to Commit Fraud, Wire Fraud, Bank Fraud, and Intentional Damage to a Computer.

  • Print

A    A   A