The Garmin Ransomware attack
In a recent update, Garmin confirmed that it has become the victim of a “cyber attack”, although the company did not confirm the type of malware involved. Security news sites have speculated that the incident is linked to a ransomware variant named WastedLocker. There is no indication that customer records have been breached and, in the next few days, the organization should focus on restoring regular services.
Garmin confirmed that it had been dealing with a cyber attack since 23 July and that it would soon resume normal functionality. Although the outage originally looked like a maintenance window, the fact that users were not able to upload runs or access aviation databases and marine navigation indicated that the issue was much larger. A tweet also reported that the company was experiencing a fault in Garmin Connect and that the website and mobile app were down.
Rumors started circulating that Garmin had to take its whole network down due to a major ransomware attack. FlyGarmin (used by Garmin navigation systems), pilot applications and GPS servers were taken offline, which apparently also contributed to the grounding of some planes. However, an update to the FlyGarmin status page late on Sunday 26 July showed that all Garmin Pilot Apps, FlyGarmin, Connext and FltPlan.com are operational.
The failure also impacted third-party applications that use Garmin data. Metrics from Strava indicate that Garmin Connect uploads stopped entirely on 23 July. Access to databases and syncing started to resume on Monday 27 July, after four days of problems for Garmin Connect and its related services.
Garmin's full statement said that, aside from the inability to access online services, the functionality of Garmin products has not been affected. According to the company, the affected systems are being restored and it expects to be back on schedule in the coming days. The fitness company anticipates some disruptions as the data backlog is processed and says it appreciates its customers’ patience through the incident. Despite this setback, Garmin foresees no material effects on its activities or financial performance.
The way Garmin describes the attack indicates that it has been the victim of a cyber attack that encrypted some of its systems. This, undoubtedly, appears to be ransomware, although the company did not confirm whether a ransom was demanded to unlock its users’ data and access to databases.
Following the incident, various media outlets published posts suggesting that the ransomware that hit Garmin is called WastedLocker. This threat is suspected to be run by a Russian group of cyber criminals named Hacking Corp.
What is believed to have kept Garmin’s backups isolated is that the company shut down devices in a data center to prevent them from being encrypted. At this point, there is no confirmation that hackers have stolen any confidential information: Garmin reported after 48 hours that there was no “indication” of data loss, such as user activity logs, payment or personal details. Ransomware attacks are extremely frequent, though. They hit both regular web users and organizations, and sometimes net millions of dollars for cyber criminals.
Now that the attack on Garmin has been confirmed, customers and investors will seek reassurance that the company’s systems and data are safe, all the more so since the reporting of its profits is due on 29 July. Following the incident, Garmin is almost obligated to report the details of exactly what has been compromised. In Europe, in particular, the company is held entirely accountable under the General Data Protection Regulation (GDPR), and it is expected that more information about the attack will be revealed soon.