Garmin, the smartwatch and fitness data company, paid “a multi-million dollar ransom” to criminals after its worldwide systems were affected by a ransomware attack, according to Sky News.

Sky said that its sources revealed Garmin made the payment to end the attack through the ransomware negotiation business Arete IR.

The so-called WastedLocker type of attack is believed to have been made by people affiliated with the not so subtly named Evil Corp., a Russian cyber crime group .

According to Sky, Garmin sought to pay the ransom through another company before settling on using Arete IR, “a firm which claims that the links between the WastedLocker ransomware and sanctioned individuals have not been proven.” Arete has reportedly questioned the links between WastedLocker and Evil Corp.

It seems as though Arete’s business was required as Garmin, a US multinational company, cannot make direct payments to entities with links to Evil Corp. following a US Treasury sanction last year.

Garmin made no comment to Sky News when questioned about the story.