Garmin Services Slowly Coming Back Online After WastedLocker Ransomware Attack
Garmin services including Garmin Connect as well as registering new devices remain largely disabled as of today. The company has suffered a ransomware attack that is grinding into its fourth day. Although Garmin has not offered much information about the situation, it is widely believed that services are paralyzed by a successful WastedLocker ransomware attack.
Garmin’s products include GPS connected integrations, apps, and wearable devices for fitness, automotive, marine, aviation, marine, and outdoor users. The outage began on Thursday 23 July.
The company’s website still has the same notice as it did on Friday that states the outage affects Garmin.com, Garmin Connect, and Garmin Express. The customer service call center as well as email support and online chat are not functioning.
Users are unable to access current workout data, pilots who use flyGarmin cannot download aviation databases, and users cannot register new devices.
Ransomware Attack
According to information shared with Bleeping Computer, the outage has been confirmed as a WastedLocker ransomware attack. The security team at Garmin had attempted to shut down servers as the ransomware spread across their IT network but they were unable to stop the attack.
“As part of this company-wide shutdown, the employee told us that Garmin did a hard shutdown of all devices hosted in a data center as well to prevent them from possibly being encrypted,” according to a post on Bleeping Computer. The update went on to say, “This company-wide shutdown is what caused the global outage for Garmin Connect and other connected services.”
It is reported that the attackers have demanded a ransom of $10 million USD. The threat actors that use WastedLocker ransomware, Evil Corp, are known for their exceptionally high ransom demands.
Evil Corp WastedLocker
Evil Corp customizes WastedLocker for each cyber attack, naming the encrypted file extensions after the victim corporation. Evil Corp is a Russian based hacking organization that has inflicted more then $100 million is financial losses to victimized corporations.
The Garmin Connect website and many services are now working with limited functionality. Some data integrations have been reportedly restored according to users. Garmin Connect is partially working again. The company has a system update page with bare-bones update information.
Garmin services that are running
- Garmin Dive
- Activity Details & Uploads
- Dashboard
- Garmin Golf
- LiveTrack
Garmin services that are partially functioning
- Garmin Connect
- Garmin Coach
- Strava
- Wellness Sync data processing
- ConnectIQ apps cannot be installed
- Wellness Sync
- Challenges & Connections
- Daily Summary
- Third Party Sync
- Workouts can be created but are currently not syncing to devices
“Garmin has no indication that this outage has affected your data, including activity, payment or other personal information,” says the Garmin FAQ page. On Sunday an email to customers said Garmin would not be responding to customer queries about delayed uploads because “most of the issues will resolve themselves.”
Garmin users were also informed that there may be a delay of a “week or longer” before updated user data appears in their accounts.
