Ransomware
Garmin WastedLocker Ransomware Attack: Evil Corp ($10M Ransom, 5-Day Outage)
Primary Source: Incident Details
On July 23, 2020, Evil Corp (a Russian cybercrime organization led by Maksim Yakubets and sanctioned by OFAC) deployed WastedLocker ransomware against Garmin, encrypting the company's IT and production systems. Garmin Connect (the fitness activity tracking platform serving millions of GPS devices), flyGarmin (the aviation database service), Garmin Aviation databases, and Garmin's call centers were all taken offline for approximately 5 days. Garmin initially paid approximately $10 million in ransom (as reported by Sky News), routing the payment through Arete Incident Response as an intermediary to avoid directly violating the OFAC sanctions on Evil Corp. This created significant controversy: Evil Corp was on OFAC's Specially Designated Nationals (SDN) list, so the ransom payment potentially violated US sanctions law. No regulatory action was taken against Garmin. WastedLocker was specifically designed to encrypt network shares and disable Windows recovery mechanisms. The attack highlighted the legal complexities of ransomware payments when the threat actor is an OFAC-sanctioned entity.
Technical Details
- Initial Attack Vector
- Evil Corp used FakeUpdates (SocGholish), fake browser update JavaScript injected into compromised websites, to deliver a NetSupport RAT dropper that installed WastedLocker ransomware on Garmin's corporate network
- Malware Family
- WastedLocker ransomware; FakeUpdates (SocGholish)
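The delivery stage described above (a fake browser "update" delivered as a JavaScript file and run by a Windows script host) is the point where a defender has the best chance to catch a SocGholish-style intrusion before ransomware is staged. The detector below is an added example, not code from this incident record or from any vendor; the log format, field names, filename heuristics and sample events are constructed for illustration and are not indicators taken from the Garmin case.

```python
"""
Added example: flag Windows script-host executions that look like a fake
browser-update JavaScript lure. Everything here is constructed for the
example (the pipe-delimited event format, the hostnames, the filename
heuristics); it is not Garmin telemetry and not a published IoC.
"""
import re
from dataclasses import dataclass

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
# Assumed heuristic for update-themed lure filenames; tune per environment.
UPDATE_LURE = re.compile(r"(chrome|firefox|edge|browser|flash)[^\\/]*update[^\\/]*\.js$", re.I)
# Script launched from a user-writable location rather than a managed path.
USER_WRITABLE = re.compile(r"\\(Downloads|Temp|AppData)\\", re.I)
# Require at least this many independent signals before raising a finding.
MIN_SIGNALS = 2


@dataclass
class ProcEvent:
    ts: str
    host: str
    parent_image: str
    image: str
    cmdline: str


def parse_event(line):
    """Constructed format: ts|host|parent_image|image|cmdline (cmdline may contain '|')."""
    parts = line.rstrip("\n").split("|", 4)
    return ProcEvent(*parts) if len(parts) == 5 else None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def script_target(cmdline):
    """Return the first .js path on the command line, quoted or not."""
    m = re.search(r'"?([^"\s]+\.js)\b"?', cmdline, re.I)
    return m.group(1) if m else None


def classify(ev):
    """Return the list of suspicious signals for one event, or None if not a script-host run."""
    if basename(ev.image) not in SCRIPT_HOSTS:
        return None
    target = script_target(ev.cmdline)
    if not target:
        return None
    reasons = []
    if UPDATE_LURE.search(basename(target)):
        reasons.append("update-themed JS filename")
    if USER_WRITABLE.search(target):
        reasons.append("script in user-writable path")
    if basename(ev.parent_image) in BROWSERS:
        reasons.append("spawned by browser")
    return reasons or None


def detect(lines):
    """Run the heuristic over process-creation events; return findings with their evidence."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        reasons = classify(ev)
        if reasons and len(reasons) >= MIN_SIGNALS:
            findings.append({
                "ts": ev.ts,
                "host": ev.host,
                "script_host": basename(ev.image),
                "script": script_target(ev.cmdline),
                "reasons": reasons,
            })
    return findings


# Constructed sample events: one lure-like execution, one benign admin script,
# and one unrelated process. Hostnames and paths are invented.
SAMPLE_LOG = [
    "2024-05-01T09:12:01Z|WS-0142|C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|"
    "C:\\Windows\\System32\\wscript.exe|wscript.exe \"C:\\Users\\jdoe\\Downloads\\Chrome.Update.a1b2.js\"",
    "2024-05-01T09:15:44Z|WS-0142|C:\\Windows\\explorer.exe|"
    "C:\\Windows\\System32\\cscript.exe|cscript.exe //nologo C:\\Scripts\\inventory.js",
    "2024-05-01T09:16:03Z|WS-0207|C:\\Windows\\explorer.exe|"
    "C:\\Windows\\System32\\notepad.exe|notepad.exe readme.txt",
]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The threshold of two independent signals is a deliberate trade-off: a single update-themed filename or a single script run from Downloads is common in many fleets, but a browser spawning a script host on a freshly downloaded "update" script is rarely legitimate. Feed the function your own process-creation telemetry (Sysmon event 1, EDR process events) after adapting `parse_event` to the real field layout.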
Timeline
- 2020-07-23 Breach occurred
- 2020-07-23 Publicly disclosed
- 2020-07-28 Customers notified