UPDATED: Garmin Suffers Reported Ransomware Attack

Garmin's consumer and commercial aviation services, websites and customer service have all been rendered unavailable.

Garmin, maker of fitness trackers, smartwatches and GPS-related products, has reportedly suffered a widespread ransomware attack — though the facts around the cause remain unconfirmed for now.

The manufacturer tweeted on Thursday that its Garmin Connect service is down; the service is a free app for tracking, analyzing and sharing health and fitness activities from a Garmin device.

“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time,” it acknowledged.

On Thursday night Eastern Time, Garmin also announced that the outage is affecting its commercial aviation offerings, with flight plan filing, account syncing and database concierge capabilities unavailable in the Garmin Pilot app. Its Connext connected cockpit services, which relate to weather, position reports and data from the on-board Central Maintenance Computer (CMC) found on aircraft, are also down. And the entire FlyGarmin suite is down; it is an app for Windows that simplifies avionics database updates and downloads for pilots, such as navigation, charts and more.

“We are currently experiencing an outage that affects flyGarmin and as a result, the flyGarmin website and mobile app are down at this time,” it noted in a website notice. “This outage also affects our call centers, and we are currently unavailable to receive any emails or chats, but do have limited availability for calls. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

In-flight phone and SMS services remain available via Iridium; and the FltPlan service (offering runway analysis, safety services, flight planning and more) is fully operational, it said.

But, it also added, “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

Meanwhile, a local media outlet in Taiwan, where Garmin’s production facilities are based, reported that the outage will soon extend to production lines too: “The production line will be suspended for two days [July 24 and 25]. At the same time, the official website also announced that the company, including the customer service system, map software updates, and application updates, has suspended related services due to system maintenance.”

The tweets and reporting confirm what users have been reporting since the service went down Wednesday night Eastern Time. As the outage has dragged on, users have become aware of how much their personal devices interact with the electronics giant’s infrastructure.

“It’s made me realise [sic] how crazy-reliant my Garmin watch is on their infrastructure,” said a poster on a Hacker News forum. “I went onto the app this morning to try and alter a watch face I already have downloaded, which should totally be configurable through just the mobile app alone. Why the hell does it need to talk to Garmin’s servers to let me do this? It should just be possible through the app alone, without needing any involvement from Garmin’s servers.”

Another pointed out the potential danger to personal data: “I am concerned a little for the location of my home now being in the hands of the wrong people.”

The situation has caused widespread speculation that the sheer reach of the outage into Garmin’s infrastructure indicates a ransomware attack; and one outlet said that Garmin employees have confirmed that the WastedLocker ransomware is to blame.

*Update:* Further reports over the weekend pointed to the WastedLocker ransomware being behind the cyberattack. Sources reportedly shared photos with BleepingComputer of a Garmin computer with encrypted files with the .garminwasted extension on each file’s name.

WastedLocker first appeared on the scene in May, as the work of the Evil Corp group (a.k.a. Dudear). Evil Corp is also associated with the Dridex banking trojan and the BitPaymer ransomware.

Evil Corp’s previous schemes involved capturing banking credentials with Dridex and then making unauthorized electronic funds transfers from unknowing victims’ bank accounts. Money mules would then receive these stolen funds into their bank accounts and transport the funds overseas. Multiple companies were targeted by Dridex, costing them millions of dollars; victims included two banks, a school district, a petroleum business, a building materials supply company and others.

“Wow! This is a doozy,” Saryu Nayyar, CEO at Gurucul, said in an email. “A likely ransomware attack taking down pretty much everything Garmin – website, call center, email, chat, production systems and data-syncing service. You just don’t know when the bad guys are going to attack and who will be their next victim. However, what we do know is every organization is susceptible to ransomware attacks.”

She added, “Hopefully, Garmin has a daily backup regimen for the company’s systems and data – that’s table stakes.”

In December, the Feds started cracking down on the group: U.S. authorities offered up $5 million for information leading to the arrest of Evil Corp. leader Maksim V. Yakubets, 32, of Russia, who goes under the moniker “aqua.” Separately, the U.S. Treasury Department in January issued sanctions against Evil Corp, “as part of a sweeping action against one of the world’s most prolific cybercriminal organizations.”
