It hasn’t been revealed who was behind the attack nor to whom a ransom (if any) was paid. Some security researchers believe the WastedLocker ransomware (said to be the cause of the outage) is linked to a Russia-based group of cybercriminals known as Evil Corp. The US Treasury sanctioned that organization last year, accusing it of being responsible for developing and distributing another form of malware called Dridex. The sanction “generally prohibited” US persons from “engaging in transactions” with specific companies and people linked to Evil Corp.

Arete Incident Response, which helps companies secure their networks and resolve attacks, recently suggested that WastedLocker was not conclusively the work of Evil Corp. It published a study on that topic the day after Garmin said it was attacked. Arete told Sky News it “follows all recommended and required screenings to ensure compliance with US trade sanctions laws.”