Garmin customers might have noticed that many of the company's systems have been down over the past few days, as it has apparently been the victim of a ransomware attack.
The supposed hack has seen pretty much all Garmin's services taken down, with users reporting problems accessing data and syncing their devices.
While some users on social media have reported success this morning in getting their devices to sync again, it appears that Garmin isn't quite out of the woods yet.
Update 07/27: Since the publication of this article, Garmin has issued a statement stating that it was the victim of a cyber attack. The full statement can be found on the company's site.
Reported Ransomware Attack
It's important to note that we don't know for certain if Garmin has been hit by a ransomware attack. Official communications from the company haven't mentioned the dreaded ‘R' word at all, although that's not entirely unusual at this stage. However, what we do know is that the vast majority of its services have been unavailable since last Wednesday, which is a huge red flag.
A cursory glance at its status page showed all listed services as unavailable, from Garmin Drive, to VivoFit, and Garmin Golf. First thing this morning, the page resulted in an error message, but now shows services slowly creeping back online.
Garmin is calling the issue an ‘outage', and telling its customers that locally stored data will sync again when the servers are back online. The company is also reassuring its customers that personal data is not at risk:
Garmin has no indication that this outage has affected your data, including activity, payment or other personal information. – Garmin
While it hasn't pinpointed the problem on a ransomware attack, insiders have contacted tech media to confirm that this is the case. Bleeping Computer ran a story with an anonymous Garmin employee stating that the attack was known about internally, and even sharing screen grabs which seem to show some of the affected files. The virus was identified as ‘WastedLocker', a Russian-deployed attack from the EvilCorp group. The ransom is purported to be $10 million, according to Bleeping Computer.
Similarly, ITHome ran a story last week which showed an internal memo from Garmin, stating that it had been the victim of a virus.
What Next for Garmin?
If the reports about the ransomware attack are true, then Garmin has two choices – remove the virus, or pay the ransom. Neither option will be particularly appealing to the company – removing the virus runs the risk of losing company data, and paying the blackmail fee means that the hackers could return for more in the future. The fact that some users on Twitter claim to have been able to sync their devices again this morning implies that one way or the other, the company is making progress with the issue.
Garmin will also need to consider its messaging in order to regain confidence from its users. Initially, the company claimed that its services would be taken offline for ‘maintenance', before later admitting that it was an experiencing an outage. Despite the company's reassurance that no user data is being compromised, owners of Garmin devices are likely seeing news stories such as this and feeling alarmed all the same. The possibility of further damage, including personal data loss, remains open.
Garmin needs to get this matter resolved as quickly and smoothly as possible, not only for its customers, but also as it has an earnings call this Wednesday, which is bound to be overshadowed by the issue.
The Real Risk of Ransomware
Ransomware, in which a virus hijacks a system and locks all its data behind a paywall, is becoming a serious issue for businesses. Not only does the rise of connected services mean that a ransomware attack can cripple devices and software for consumers, as seen here with Garmin, but it could also potentially expose personal user details. Both scenarios are a huge PR headache for companies, and that's before the actual ransom itself is taken into account.
While ransomware attacks can affect personal users, it is bigger corporations and governments that can yield the big payday for these hackers. Even local services aren't safe. Last year we reported on the small Florida Town of Riviera Beach, which paid hackers $600,000 dollars after its entire database was encrypted in a ransomware attack. The cause? A member of staff clicking on an email link.
Just last week, several UK, US and Canadian universities reported that a service provider, Blackbaud, had informed them of a ransomware attack it had suffered back in May. The company paid the hackers the ransom, but won't reveal the amount involved or the scale of the attack. The company, which provides education administration software, has come into criticism for only now revealing that user's personal data was compromised.
With the pandemic-induced rise on working from home, companies are having to deal with having their systems accessed externally, leading to safety concerns. It's highly unlikely this will be the last big ransomware we'll hear about this year.
To help protect your company data, invest in a business antivirus service. If you don't take security seriously now, you'll come to regret it sooner or later… don't say we didn't warn you!