Garmin is back online after US$10 million extortion
It’s been a horror few days for Garmin.
Early on Thursday morning (UTC) the fitness tracking company was hit with a wide-ranging outage that shut down the company’s website, halted production, prevented email, phone or chat support, and stopped activity uploads.
For four days that issue continued. Now, Garmin says the issue has been resolved. The company’s website and Garmin Connect services are online again, and activities are beginning to sync – a fact that will be of some comfort for the millions of Garmin users worldwide who were unable to get any analytics or kudos for their runs and rides over the weekend.
The breach affected not just activity tracking but also services in the company’s automotive, marine, and aviation divisions – such as flyGarmin, a service used by pilots, and Garmin Pilot Apps, which is used for flight plan filing. CyclingTips understands that these functionalities are also in the process of being restored.
Garmin’s communication throughout the ordeal has been fairly opaque – until today, the company referred to the issue in external communications only as an “outage” or “maintenance”. However, anonymous sources within the company revealed to tech websites that the company was the victim of a ransomware attack executed with the WastedLocker software, developed by the Russian Evil Corp criminal hacker group. The price of the ransom was reported to be US$10 million.
Four days after the attack, Garmin released its first formal statement acknowledging it was the victim of a cyber attack, saying:
“Garmin today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services. Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”
The company failed to respond to specific questions from CyclingTips about the scale of the outage, and whether it impacted sister companies including Tacx. Likewise, the company has not provided details about how it was able to overcome the hack – whether by restoring from backup or rolling over and handing over the cash.
Evil Corp was sanctioned by the US Treasury in December, which means it would be illegal for Garmin to have paid the ransom to Evil Corp. However, Sky News reported that Garmin “obtained the decryption key to recover its computer files”.
Sources for the Sky story claim that the company did not make a direct payment to the hackers. A payment through a third party, however, could also be subject to Treasury sanctions, which state that “Foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.” Forbes, meanwhile, speculates that the payment of the ransom could be written off by Garmin as a tax-deductible business expense.
CyclingTips has contacted Garmin for further information.
The post Garmin is back online after US$10 million extortion appeared first on CyclingTips.