Garmin Users Suffer Post Ransomware Attack

Most of Garmin’s online services were offline for over 4 days following a ransomware attack which took place last Wednesday, July 23. The services affected by the attack included Garmin Connect, flyGarmin, its website, and Customer Service connections. Garmin was unable to access its data during the outage, and customers were unable to track or upload their runs and workouts.

Additionally, flyGarmin customers were unable to schedule and submit flight plans and update software. Several pilots expressed frustration on social media and aviation forums at being unable to update their software, which they are legally required by the Federal Aviation Administration to do monthly in order to use the aircraft.

The type of ransomware used in this attack was WastedLocker, a newer ransomware strain associated with the Russian hacking group Evil Corp. Evil Corp. was recently sanctioned by the US Treasury, making it illegal for Garmin (a US company) to pay the ransom directly if Evil Corp. was responsible for the attack.

Garmin was tight-lipped about the service interruption and offered few updates during the outage. On Thursday, Garmin tweeted an update, “We are currently experiencing an outage that affects Garmin Connect and as a result, the Garmin Connect website and mobile app are down at this time. This outage also affects our call centers and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.” 

Garmin also provided a set of vague FAQs and a short explanation of the cyber attack. In the message, Garmin indicated that no customer data was accessed or stolen. They commented, “We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost, or stolen.”

By Monday, July 27, Garmin had begun to restore functionality to some of its services. At this time, all Garmin services have regained at least limited functionality, with some services fully functioning.

This latest ransomware attack on Garmin illustrates the lack of effort that fitness tracking companies have made to protect users’ data. Fitness tracking companies like Garmin are responsible for protecting the hoards of detailed health data that users collect on apps and more. The health data collected by these companies can be used for more than tracking trends in customers’ health and activities. These services also record patterns in customers’ locations, such as their workplaces and homes, and reveal intimate details about users.

In 2017, the tracking app Strava gave away the location of secret US military bases when it released a data visualization map of active Strava users. Analysts with the Institute for United Conflict Analysts told the Guardian that US military bases were “clearly identifiable and mappable” from recorded activities on the released map.

Additionally, the fact that it took Garmin over 4 days to bring back any of its services suggests that it was not adequately prepared for an attack. As a consequence, it can be assumed that Garmin lost a significant amount of revenue during the time it took to restore its online services and incurred steep expenses repairing the damage from the ransomware.

Garmin could have prevented much of the damage caused by the extended outage if it had been better prepared before the attack. For more information on how to prepare for a ransomware attack, read this article. Find out how to respond to a ransomware attack here.

Garmin is due to report its earnings today.
