Garmin down: what happened during the blackout

On July 23, Garmin services went offline. Watches, cycle computers, and other devices stopped downloading data, and the Garmin Connect app began displaying a message explaining that the sudden failure was due to "maintenance." The FlyGarmin pilot software and navigation database (used for Garmin's navigation systems) also failed, which is believed to have led to the grounding of some aircraft.

A tweet from the brand confirmed that it was "experiencing an outage affecting Garmin Connect and as a result the Garmin Connect website and mobile app were currently down", but as the outage continued, speculation began to circulate that it was not just a glitch, but the result of a ransomware attack that had encrypted critical data on Garmin systems.

We thank all of our clients for their patience and understanding. For more information, visit https://t.co/U3vwBre4U2. July 27, 2020

What happened

Sources claiming to have first-hand knowledge of the situation told BleepingComputer that the company's data had been encrypted and that the attackers were demanding a ransom to release it. The sources shared screenshots (purportedly from Garmin systems) showing locked files with the name "GARMIN.WASTED". ZDNet cited a report by Taiwanese tech site iThome, which claims that a memo was sent to Garmin's Taiwanese production facility saying that "servers and databases" were attacked and that production lines were targeted and closed for two days during the recovery.

The possibility of such an attack was very worrying. Garmin holds a lot of personal data about its customers (names, birthdays, contact information, GPS data, and health information), and ransomware makers don't always just encrypt their targets' data. If the ransom is not paid, they could sell the data or disclose it online.


Users found that their devices were unable to process activity information with the cloud connection interrupted (Image credit: Garmin)

TechRadar spoke to the brand 48 hours after the interruption and received a statement confirming that most of its customer services were still offline:

"Garmin is experiencing an outage affecting Garmin services, including Garmin Connect and Garmin Pilot. Due to the outage, some features and services on these platforms are not available to customers. Additionally, our product support call centers are affected by the outage and therefore we are currently unable to receive calls, emails or online chats.

"We are working to restore our systems as quickly as possible and we apologize for any inconvenience caused. Additional updates will be provided as they become available."

The brand then directed TechRadar to a brief question-and-answer section, reassuring users that "Garmin has no indication that this outage has affected your data, including activity, payment, or other personal information."


Garmin services began to recover four days after the attack (Image credit: Garmin)

On July 27, four days after the outage began, Garmin Connect services began to come back online and the company finally confirmed that it had been the victim of an attack that encrypted its data (although it refrained from mentioning whether the attackers had demanded a ransom):

"Garmin announced today that it was the victim of a cyberattack that encrypted some of our systems on July 23, 2020. As a result, many of our online services have been discontinued, including website functions, customer support, client applications, and corporate communications.

"We immediately began to assess the nature of the attack and to remediate it. We have no indication that any customer data, including Garmin Pay payment information, has been accessed, lost, or stolen. In addition, the functionality of Garmin products has not been affected, except for the ability to access online services."


Garmin assured users that their Garmin Pay data was not compromised in the attack (Image credit: Garmin)

On July 30, as services resumed, Garmin President and CEO Clifton Pemble addressed the attack in a speech during the company's annual earnings call.

"Most of you are aware of the recent cyberattack that caused a network outage that affected much of our website and consumer applications," Pemble said. "We immediately assessed the nature of the attack and began remedial efforts. We have no indication that customer data was accessed, lost, or stolen. In addition, the functionality of Garmin products has not been affected, except for the ability to access certain online services. Critical business systems have been restored and we plan to restore the remaining systems in the next few days. We appreciate your patience and kind words of support. We have had customers and friends through this challenge."

Is my data safe?

Presumably. Garmin has taken every opportunity to reassure its users that their data has not been compromised, and a recent TechCrunch report, citing two sources claiming to have "firsthand knowledge of the incident," says that the ransomware used does not seem capable of stealing or extracting data from locked files. Your daily data during the outage was recorded on your device, be it your body battery, stress levels, or daily step count, and that data should now be synced to Garmin's servers.

And Strava?

Strava was not directly affected, but workouts recorded with Garmin devices were not downloaded during the outage. A Strava stats chart shows a complete drop in activity from Garmin since July 23, with overall downloads down by a third. Workouts gradually began syncing to Strava on July 27, but Strava warned that due to the size of the backlog, it could take a week or more for all activities to sync, so don't worry if yours were slow to appear. If you can't wait that long, you can manually upload your activities to Strava.


Strava downloads from Garmin devices were completely suspended on July 23 (Image credit: TheComparison)

Who was behind it?

This has not been confirmed, but the name GARMIN.WASTED given to the locked files suggests that the ransomware in question is a variant of WastedLocker, which is operated by a Russian gang known as the Hacking Corp and can be tailored to attack very specific targets. As Sky News reports, members of the group were sanctioned by the US Treasury last year for committing "two of the worst hacking and bank fraud schemes in the last decade."

If that was correct, it could have put Garmin in a very difficult situation. The sanctions prohibit Americans from transacting with the criminals, and since Garmin is an American company, paying a ransom to unlock files could be just that. It's unclear whether this would apply when a business or individual is being extorted, but anonymous sources who spoke to Sky said Garmin did not make a direct payment to its attackers to release its data.

What is ransomware?

Ransomware is a type of malicious software (malware) that encrypts data, rendering it useless until the victim pays a fee for the decryption key. Payment is required in Bitcoin, so it cannot be traced and is used to finance criminal activities. There is also no guarantee that payment will allow you to recover your data.

Home users may be affected by ransomware, but gangs find it much more lucrative to target companies that have a lot of sensitive data and pockets deep enough to pay a large ransom. As Malwarebytes explains, WastedLocker attacks demand ransoms ranging from €50,000 (about $40,000, AU$70,000) to more than €10 million (about €8 million, AU$14 million) in Bitcoin.

There are removal tools out there, but there are so many different varieties of ransomware, each encrypting files in different ways, that you can only decrypt your files if you know exactly what you were infected with and a developer has been able to create a solution.

The best way to deal with ransomware is to make regular, proactive backups, so you can restore your files without paying a penalty. These backups need to be completely separate from the rest of your system, otherwise they may be encrypted as well.

The attacks can be tailored to a particular organization or even a specific person, who might receive the ransomware dropper as part of a very genuine-looking email from a colleague, filled with information that a third party would not be likely to know.

"Ransomware attacks are terribly common," IT security expert Graham Cluley told TechRadar. "This is one of the most important types of cybercrime in recent years. They have affected both individuals and organizations, sometimes bringing in millions of dollars for cybercriminals.

"Obviously, not everyone can afford to pay, which means they risk losing not just valuable work, but sentimental, irreplaceable files like family photos. The bottom line? Safe, regular backups and make sure they work."