Garmin services and production go down after ransomware attack
Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems, ZDNet has learned.
The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.
In messages shared on its website and Twitter, Garmin said the same outage also impacted its call centers, leaving the company in the situation of being unable to answer calls, emails, and online chats sent by users.
The incident didn't go unnoticed and has caused lots of headaches for the company's customers, most of which rely on the Garmin Connect service to sync data about runs and bike rides to Garmin's servers, all of which went down on Thursday.
But in addition to consumer wearables and sportswear, flyGarmin has also been down today. This is Garmin's web service that supports the company's line of aviation navigational equipment.
Pilots have told ZDNet today that they haven't been able to download a version of Garmin's aviation database on their Garmin airplane navigational systems. Pilots need to run an up-to-date version of this database on their navigation devices as an FAA requirement. Furthermore, the Garmin Pilot app, which they use to schedule and plan flights, was also down today, causing additional headaches.
When ZDNet reached out for comment earlier, a Garmin spokesperson declined to confirm that the outage was caused by a ransomware attack, citing an ongoing investigation, and they redirected us to a message the company had shared on its website and Twitter profile.
This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)
— Garmin (@Garmin) July 23, 2020
However, since the incident took root at around 03:00am UTC, several Garmin employees took to social media to share details about the attack, all calling it a ransomware attack. ZDNet has interviewed several and confirmed their claims. Employees from across two continents were told by their local IT staff on Thursday to shut down computers as ransomware was being spread across several branches, via its interconnected internal network.
Some Garmin employees speaking online attributed the incident to a new strain of ransomware that appeared earlier this year, called WastedLocker. ZDNet has not been able to verify this particular claim.
However, the incident appears to be much larger and more devastating than Garmin indicated via its initial statement.
iThome, a Taiwanese tech news dedicated to IT topics and smart devices, shared an internal memo that Garmin's IT staff sent its Taiwan factories, announcing two days of maintenance mode planned for Friday and Saturday, July 24 and July 25.
While the memo didn't specifically blame the impromptu maintenance mode on a ransomware attack, sources told the Taiwanese news site the incident was caused by a "virus" confirming what we were told by employees.
In today's cyber-security landscape, only ransomware attacks have the destructive power to cause companies to shut down production lines, online services, websites, email servers, and call centers in a matter of hours and enter into an impromptu maintenance mode.
Must read:
- Ransomware is now your biggest online security nightmare. And it's about to get worse
- Ransomware attacks jump as crooks target remote working
- Ransomware attack locked a football club's turnstiles
The reach of the infection remains unknown to third-party observers. Besides home consumer-grade wearables, sportswear, and smartwatches, Garmin also provides mapping and tracking solutions/equipment for the automotive and maritime industry. The impact of the ransomware attack on these services remains unclear.
It also remains unclear if any customer data has been lost or stolen during today's incident. Over the past several months, ransomware gangs have modified their modus operandi to also include data theft besides file encryption.
Until Garmin manages to restore its services, users have now taken to social media sites to share tips with each other on how to save run and bike ride information to Garmin partner services, such as Strava, to avoid losing workout information.
to all the people freaking out because @garmin @GarminFitness services have been down for 7+ hours: mount you watch via USB on your computer->browse to the activities directory->take today's .fit file->manually upload it to a 3rd party service (e.g. strava)->breath
— Marco Abis (@capotribu) July 23, 2020
This is a developing story. More updates will follow.