A ransomware attack hit technology company Garmin, bringing its operations to a grinding halt on July 23. The attack on Garmin services left the company unable to respond to calls, emails, and online chats from angry users, according to the company’s official statement on Twitter.
The Garmin Connect service was especially affected, leaving users unable to sync data on runs and rides. Customers across different time zones were advised to shut down their systems because the ransomware was replicating across the internal networks.
The company initially rejected claims that the incident was a ransomware attack. However, Garmin employees shared the details of the incident on social media, indicating the attack was associated with a ransomware variant called WastedLocker.
Garmin provides home consumer wearables, sportswear, smartwatches, mapping, and tracking solutions for maritime and automotive industries.
Details of the Garmin services ransomware attack
The ransomware attack on Garmin services was restricted to home consumer wearables, sportswear, and smartwatches.
Garmin denied that the incident was a ransomware attack, saying its experts were still investigating the cause of the disruption. However, the company later apologized, saying that the incident shut down its web services, Garmin Connect web, and mobile app services.
“We are currently experiencing an outage that affects Garmin.com and Garmin Connect,” the company wrote on Twitter.
The company lamented that the “outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
Other areas affected by the ransomware attack on Garmin services included consumer wearables, flyGarmin, and sportswear.
Pilots were also affected by the ransomware attack, which left them unable to download Garmin’s aviation database, crucial for navigation and compliance with FAA regulations. The flight-scheduling Garmin Pilot app was also inaccessible, further inconveniencing pilots. However, no flight security incidents were reported from the ransomware attack on Garmin services.
Saryu Nayyar, the CEO of Gurucul, was surprised by the attack on Garmin services.
“Wow! This is a doozy. A likely ransomware attack taking down pretty much everything Garmin – website, call center, email, chat, production systems, and data-syncing service. You just don’t know when the bad guys are going to attack and who will be their next victim.”
The ransomware attack led the company to plan a multiday maintenance event that would shut down most Garmin services on July 24–25. Some of the Garmin services to be affected include the data-syncing service, aviation database services, and some production lines in the Asia region.
Garmin could not verify whether the cybercriminals stole user data during the incident. Despite the uncertainty, the shutdown of Garmin services is unlikely to have widespread effects, considering the smartwatches have enough memory to store activity data for about a week. When normal operations of the Garmin services resume, the watches will sync their accumulated data with users’ existing accounts.
Garmin’s defenses and response leave much to be desired
Javvad Malik, Security Awareness Advocate at KnowBe4, said organizations needed to have advanced real-time defenses.
“It is why it’s important for organizations to have a layered security model to defend, detect, and respond in a timely manner to any attacks. This not only includes technical controls but also security awareness and training, as many ransomware attacks are successful due to phishing.”
The initial denial, coupled with the unofficial release of incomplete and unverified information by Garmin employees, left many users confused and scared. The company should have acknowledged the incident earlier and provided full details to put users at ease.
Chris Clements, VP of Solutions Architecture from Cerberus Sentinel, said having an official incident response plan was essential for addressing disruptive incidents such as the ransomware attack on Garmin services.
“The security incident at Garmin highlights the need for organizations to implement a well thought out and formalized incident response plan with a preselected response team for key tasks like recovery, root cause analysis, and public communications. With no details forthcoming from official Garmin spokespeople, employees have been tweeting out information that may or may not be accurate and leading to wild speculation as to the extent and severity of the situation.”