garmin ransomware attack

Garmin Goes Down in ransomware attack

Just a few weeks ago, the news hit disgruntled Garmin users that Garmin Connect was “down”.  The attack against wearable device maker, Garmin, which happened on the 23rd of July 2020, affected the company’s online services including website functionality, customer support services, client apps, and the company’s communication channels.

Garmin has a product line that includes GPS navigation with wearable technology for the outdoor, fitness, marine and aviation markets. The result of the hack was a lot of Garmin users without access to their regular services.

How did Garmin go down?

Garmin was hit by an Evil Corp’s WastedLocker ransomware attack. Many people have been hit by similar ransomware attacks in their personal capacity. Unfortunately, cybercriminals have found targeting individuals fruitless and so have started targeting large corporations where there’s limited time to tinker around trying to find a solution.

Garmin was a hot target and the hackers got it right. They set about encrypting a large portion of the company’s systems and services resulting in Garmin being offline for several days. Enough time for people to notice and start complaining.

The Good News for Garmin Users

Garmin users seem to have struck it lucky as their user data and personal particulars don’t seem to have been affected. And now that Garmin services and functions have been restored, all services seem to be up and running as before.

The Big Question: How Did Garmin Solve the Problem?

The big question that needs to be asked is how Garmin went about solving the problem. The ransomware attack was no different from others before it. Systems and data were encrypted, and a ransom was demanded in exchange for the return of systems to normal.

So, just what did Garmin do to get its data back? The jury is still out on that one!

With no official word from Garmin, rumours abound, including the source of the attack, and it is believed that Garmin did indeed pay the ransom using cyber response firm, Arete IR to enable the decryption key that was used to restore services.

It is also alleged that Garmin first approached another cyber response firm to help settle the ransom but was turned away because the company behind the WastedLocker attack, Evil Corp (Russian hackers) is currently on a US sanction list. This means that it is forbidden to make transactions to this company, regardless of the reasons.

While Sky News gave both Garmin and Arete the opportunity to confirm or deny that payment was in fact made to Evil Corp, both have declined to do so. Instead, Arete is on record disputing the fact WastedLocker is Evil Corp but was rather only developed by Evil Corp and that the evidence regarding that is actually inconclusive.

If Garmin Paid the Ransom…the precedent is Set!

All eyes are on Garmin to make a statement.

Paying a ransom, especially to a company on a US sanction list, is setting a poor precedent with ransomware hackers which can only serve to encourage cybercriminals.

As the days tick by, Garmin is under more pressure to present answers. As a listed company, their responsibility is to make public exactly how they handled the situation. Right now, we all just have to wait and see.

As a large tech company with many IT resources, Garmin still fell victim to a ransomware attack that ended up with them paying the ransom. If it can happen to Garmin, it can certainly happen to you too, and probably far easier.

What can you do?

Backup, backup, backup. Ensure that your employees are all properly trained and that you have all the necessary software on all of your devices. Don’t wait until you are a victim of a ransomware attack – do it now!