Garmin hit with massive ransomware attack

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
I noticed problems early this morning when I wanted to check something on their site, but just now learned about this.

"Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.

In messages shared on its website and Twitter, Garmin said the same outage also impacted its call centers, leaving the company in the situation of being unable to answer calls, emails, and online chats sent by users."


 
  • Like
Reactions: Teegate

bobpbx

Piney
Staff member
Oct 25, 2002
11,915
2,295
1,093
Pines; Bamber area
I don't understand why the World doesn't band together and fund a team to crucify those people who try to take away everything you have through ransom tactics. I'd love to be the one shutting the jail cell door.
 
  • Like
Reactions: Teegate

RednekF350

Piney
Feb 20, 2004
4,485
2,160
1,093
Pestletown, N.J.
Wonderful. I was actually going to check out their site this weekend to check for nav chart updates for my 720 marine unit.
Oh well, I'll just have to operate in the good old Flat Earth mode. :)
 
  • Like
Reactions: Boyd

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
I don't understand why the World doesn't band together and fund a team to crucify those people
They really are scum. But ransomware is pretty far down on my list of things that the world should band together and stop. ;) And I don't think Garmin should get a pass here either, they should have had better safeguards in place. As of today, Garmin has not yet admitted that this was a ransomware event.

Garmin Outage Update

July, 23 2020

We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.

https://newsroom.garmin.com/newsroom/press-release-details/2020/Garmin-Outage-Update/default.aspx
 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
"The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million."

 

bobpbx

Piney
Staff member
Oct 25, 2002
11,915
2,295
1,093
Pines; Bamber area
I'd love it if it turns out they are actually using the time to, with outside help, determine how to send bogus data making it seem they actually paid the money, and trace it all the way to the groups bank account. But no, like most, they'll just roll over and either pay it, or go through the excruciating madness of recreating their systems.
 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
The problem is, I suspect that the cost of the damage could be well over $10 milliion. Garmin is an $18 billion company and having their systems down for so long is really making the people who depend on them mad. Garmin has been pushing people into "the cloud" for years now, their fitness devices all depend on it. So do their aviation devices. And their new GPS units too - remember, they have discontinued Basecamp and have already introduced a few new devices that are dependent on their web portal.

That's what is so maddening about these ransomware attacks, typically they set the ransom at a level where it is more financially wise to just pay. And it keeps happening because it works. I don't know much about bitcoin, but seems to me the whole point is that you can't trace where the money goes.

This could also do longer term damage to Garmin. If their systems are so vulnerable to attack, will people continue to trust them with their very personal data (everywhere you go, your schedule, medical data, etc)? And if you don't have one of these connected devices, do you ever use Garmin Express to update the maps and firmware on your GPS? Do you really know if Garmin is harvesting your personal data (tracks, waypoints) when your GPS is connected?
 

old jersey girl

Explorer
Jul 26, 2017
434
191
43
south nj near Delaware bayshore
The problem is, I suspect that the cost of the damage could be well over $10 milliion. Garmin is an $18 billion company and having their systems down for so long is really making the people who depend on them mad. Garmin has been pushing people into "the cloud" for years now, their fitness devices all depend on it. So do their aviation devices. And their new GPS units too - remember, they have discontinued Basecamp and have already introduced a few new devices that are dependent on their web portal.

That's what is so maddening about these ransomware attacks, typically they set the ransom at a level where it is more financially wise to just pay. And it keeps happening because it works. I don't know much about bitcoin, but seems to me the whole point is that you can't trace where the money goes.

This could also do longer term damage to Garmin. If their systems are so vulnerable to attack, will people continue to trust them with their very personal data (everywhere you go, your schedule, medical data, etc)? And if you don't have one of these connected devices, do you ever use Garmin Express to update the maps and firmware on your GPS? Do you really know if Garmin is harvesting your personal data (tracks, waypoints) when your GPS is connected?
"harvesting data" ? Well, yes. NYTimes recently reported that software incorporated in drones made in China does that. Garmin systems used in drones?
 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
I don't quite see the connection between drones and Garmin. Was that a claim in the article? I don't think drones use Garmin, but they have a big presence in private and commercial aviation, and evidently that is affected since pilots cannot upload/download flight plans.

cockpit.jpg
 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
Yes, that is the same message from their website, with no updates since Thursday. Disappointing that they aren't sharing more info about what happened and when it will be fixed.
 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
"Garmin's long-running outage is a case study in how not to handle an IT meltdown and cybersecurity attack and may indicate a longer recovery than expected."
= = = =
"Based on Garmin's crisis management since late last Wednesday, things aren't looking so hot. At first, Garmin met the issues with silence, then a short Tweet noting problems. On Saturday, the company followed up with a vague FAQ that didn't address the big questions"

 

Teegate

Administrator
Site Administrator
Sep 17, 2002
22,670
4,613
1,093
It would be interesting to know what is going on in that company right now.
 
  • Like
Reactions: Boyd

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek
"...the short version is that Garmin's issues just got worse. It's one thing when Garmin tells you your data is ok and stored on the watch. It's another when the watch doesn't collect data properly and fails to connect to the GPS signal. At that point you're wearing a pricey brick on your wrist."

 

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek

Boyd

Super Moderator
Staff member
Moderator
Jul 31, 2004
7,574
1,504
1,093
Ben's Branch, Stephen Creek

"OLATHE, Kan.--(BUSINESS WIRE)-- Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition."




"Citing an unnamed number of security sources, Sky News reported that Garmin obtained the decryption key. The report lined up with what the person with direct knowledge told Ars. Sky News said Garmin "did not directly make a payment to the hackers," but didn't elaborate. Garmin representatives declined to provide confirmation that the malware was WastedLocker and if the company paid any sort of ransom."