Garmin’s global service outage continues and is not yet fully resolved, but we finally have official confirmation of the cause: a ransomware attack that brought down the Kansas company.
Last Wednesday, users began to report on social media that they could not access Garmin Connect and other company services. From the first moment, everything pointed to a computer attack, but Garmin did not confirm it. It posted only a short tweet, and it wasn’t until Saturday that the company released a FAQ, which did not address the big questions either.
The main website with the status of the services did reflect the situation: “We are currently experiencing an outage affecting Garmin.com and Garmin Connect,” the portal read. “This drop also affects our call centers, and we are currently unable to receive any calls, emails or online chat. We are working to resolve this issue as quickly as possible and we apologize for this inconvenience.”
Five days later, the company has begun to restore services and has confirmed what everyone knew. “Garmin Ltd. was the victim of a cyber attack which encrypted some of our systems on July 23, 2020,” the company said today.
“As a result, many of our online services were disrupted, including website functions, technical support, customer-facing applications, and company communications. We immediately began to assess the nature of the attack and began to remedy it,” the company added.
It is not known whether Garmin ended up paying the “ransom”, nor what the status of personal data is. Remember that the Garmin cloud hosts a large amount of personal information, and sensitive information at that, since it records the sports and health activities captured by devices such as its heart rate monitors.
Garmin claims that user data has not been compromised, only made inaccessible to its legitimate owners. “We have no indication that any customer data, including Garmin Pay payment information, has been accessed, lost, or stolen,” the company insists. “Additionally, the functionality of Garmin products was not affected, apart from the ability to access online services.”
Data that was collected but could not be synced with the Garmin Connect cloud should still be stored safely on individual devices. While almost all services are back online, there are still some gaps. Activity details are working, but the leaderboard stats for the challenges are delayed, as are the Garmin Coach plans.
Regarding integration with third-party services like Strava, Garmin says that “it’s still a work in progress.” Strava Beacon integration is working, and segments and routes are queued to sync with devices. However, any uploaded activity may be delayed before reaching a user’s Strava account.
Ransomware ravages Garmin
The cause of the crisis was a targeted attack using the WastedLocker ransomware. Everything indicates (though it is not proven) that the cybercriminal group Evil Corp, known for being responsible for the Dridex malware and for using this technique as part of its attacks, is behind the incident and reportedly demanded a $10 million “ransom” to unlock the encryption that has plagued Garmin’s computers and networks.
Garmin’s IT department attempted to remotely shut down all computers on the network before they became infected, including home computers connected via VPN. Unable to do so, it asked employees to turn off any computers on the corporate network to which they had access.
Garmin also completely shut down all devices housed in a data center to prevent them from being encrypted. This shutdown is what caused the global outage of Garmin Connect and other connected services.
The attack affected internal IT servers and company databases to the point that Garmin also had to shut down the Garmin Taiwan production plants for two days (July 24 and 25).
Garmin will present financial results this week, and we will see how Wall Street digests them in terms of reputational loss. All companies suffer cyber attacks, but the handling of this crisis does not seem to have been the most successful, especially given the lack of information and the five-day closure of services.
On the other hand, the case is another sign that ransomware is the world’s number one cyber threat. Attacks are increasingly numerous, sophisticated, dangerous, massive, and targeted at businesses. From infecting personal computers and asking for a $50 ransom, it has gone on to attack large multinationals and demand millions of dollars.
Be sure to check out our latest guide, “Ten Steps to Fight Ransomware”: recommendations for anticipating attacks, because once infected there is no solution.