In a statement posted on the 22nd of July 2020, Garmin said that it was experiencing an outage of services, including Garmin Connect. Their product support centres were affected and their statement said they were not accepting any calls, emails or chats.
Garmin, the GPS tech and wearable device manufacturer has allegedly been hit by a cyberattack known by the name of WastedLocker, a strain of ransomware.
While Gamin has not officially stated that they have been hit by ransomware, reports from multiple news outlets, imply the cause of the outage is WastedLocker. Computer Weekly has previously reported on WastedLocker that it is highly likely to be a new project by the cyber crime group Evil Corp, a Russian based organisation. It is reported that the group is demanding a $10 million ransom.
In December 2019 the the U.S Treasury Department sanctioned evil Corp gang after being charged for using Dridex to cause more than $100 million in financial damages. Because of this, if Gamin pay the ransom they could potentially be violating US sanctions. A tricky situation for Garmin!
The cyberattack has affected consumers who use the run and bike fitness sessions in the Gamin Connect app and pilots who use the aviation database. They also shutdown all call centres.
We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time. (1/2)— Garmin (@Garmin) July 23, 2020
This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)— Garmin (@Garmin) July 23, 2020
In their statement Garmin confirmed that no personal data has been affected.
"Garmin has no indication that this outage has affected your data, including activity, payment or other personal information."
According to a report in ZDNet, Garmin is "planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia."
What is Ransomware?
Ransomware is a form of malware that works to encrypt a victim’s files. The attacker then demands a ransom in order to unlock and restore access to the files. Files can anything from Word documents to software database files, loosing access to both could be detrimental to a businesses operation.
We have seen ransoms requested for a few hundred to hundreds of thousands of dollars. Generally, the cyber criminals performing these attacks are ‘reputable’ and will provide you with an unlock key to gain access to your files again. However, there is no guarantee, even if you pay the ransom.
What is WastedLocker?
The principle of WastedLocker is the same as all ransomware strains, blocking access to files and holding them to ransom.
It is a relatively new ransomware family which has been tracked online since April 2020. The name comes from a string of characters that exist in encrypted files when they have been affected by WastedLocker.
How Can I Protect Myself?
While in this particular case, the data of users of Garmin services appears to be unaffected, if you know that the password you use to access services with Garmin is used in another of your online accounts, change it.
As the situation is evolving, keep an eye on the news and be weary of emails claiming to be from Garmin.
How Can I Protect My Business?
Education and proactive prevention are key! Ransomware commonly enters a business through malicious emails so, having an email filtering and ‘containerisation’ platform in place is step one.
Ensuring you are in compliance with the Australian Government's ASD Essential 8 security recommendations is your first step. We have a cybersecurity team that was built with the ASD Essential 8 principles at it's core and would love to secure your business.
No system can provide 100% protection, so your next step of defense is education. Teaching you and your team how to identify phishing emails and malicious activity. Phishing emails can look legitimate and be really tricky to spot, particularly if they are targeted at an individual person. We recently published a training video on how to identify phishing emails, watch it here.
The True Cost of Ransomware
When setting up and reviewing your cybersecurity, it is important to think about what a cyberattack like this one would cost your business, besides the ransom itself. The damage to your reputation, productivity, and service delivery. We published an article on what the average cost of a ransomware cyberattack is, you can read more about it here.
We are an IT Support Provider who specialises in Cybersecurity. We would love to help you understand how you can better protect yourself and your business!