Garmin Confirms Cyber-Attack as Ransomware Recovery Rumored

Garmin has finally admitted that its recent outage was caused by a cyber-attack.

In an update last week, the company initially said it was “experiencing an outage that affects flyGarmin and as a result, the flyGarmin website and mobile app are down at this time.” However, following rumors online that the company had actually suffered a ransomware attack, and that it had even paid a $10m ransom, the company has updated its statement to confirm that it suffered a “cyber-attack that encrypted some of our systems on July 23 2020.”

This resulted in many of its online services being interrupted, including website functions, customer support, customer-facing applications and company communications. “We immediately began to assess the nature of the attack and started remediation.”

It said there was no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen, and that the functionality of Garmin products was not affected; the only damage was to services which were taken offline. “Affected systems are being restored and we expect to return to normal operation over the next few days,” it added.

According to some reports, sources confirmed that the company had suffered a ransomware attack, and that it had been hit by WastedLocker, which SentinelOne explained was a “relatively new ransomware family which has been tracked in the wild since April/May 2020” and targets high-value companies.

Denis Legezo, senior security researcher at Kaspersky, said: “Technically speaking, WastedLocker is a targeted ransomware, which means its operators come for selected enterprises instead of every random host they can reach.

“The encryption algorithms in use are nothing special for ransomware: modern and strong. The ransomware’s operators add the victim company’s name in the ransom messages – the messages with information about how to contact the malefactors through secure e-mail services and the like. So it's pretty obvious they know for whom they came after.”

It was also reported by iThome that Garmin’s IT department sent a notice to various departments in Taiwan stating that internal IT servers and databases were attacked and production lines were also suspended for two days. Later it was rumored that the attackers had demanded a $10m ransom payment, and that Garmin had obtained the decryption key.
