Garmin Leaves Users Without Service After Ransomware Attack

Laura BednarCybersecurityLeave a Comment

Garmin Ransomware Attack

Consumers who use Garmin products and services for GPS, fitness tracking, and aviation have been without service since Wednesday of last week. A full recovery has still not been made, but the culprit behind the outage is thought to be a type of ransomware. On Garmin’s website, it states at the top of the page that, “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats.”

The ransomware in question does not have the ability to steal or exfiltrate data, so consumers can take solace in the fact that their personal information will not be sold to malicious parties. However, Garmin must still bolster their security controls and take precautions to ensure both individuals and larger organizations don’t lose access to location services at inopportune times.

Breakdown of the Attack

Anonymous sources mentioned on Techcrunch blamed the ransomware known as WastedLocker for the widespread outage. This malicious software is operated by Evil Corp and, like most ransomware, will encrypt files and will only return access after the ransom has been paid. Companies who have experienced this type of attack have dealt with payment demands up to $10 million.

Evil Corp uses a malware called Dridex, which steals passwords and then gains access to facilities and their internal systems. In the past 10 years, these attackers have stolen over $100 million from more than a hundred banks. Garmin stated that the attack left many of their online services interrupted including website function, customer support, and company communications.

How the Attack Affected Garmin

Garmin customers were unable to log into their Garmin Connect accounts to record and analyze health and fitness data during the attack, but that’s not all. Many platforms and features were affected including:

  • Garmin Drive
  • LiveTrack
  • Third Party Sync
  • Wellness Sync
  • And more

Most importantly, pilots who utilize the “flyGarmin” program couldn’t download up-to-date aviation database information. This data is required before pilots, who must adhere to the FAA standards, can fly. While missing out on a few days of health and wellness tracking is an inconvenience, being unable to fly a plane to a specific destination can be an issue depending on the passengers or cargo the plane is carrying.

The only positive that comes out of the attack is that Garmin claims there is no indication that customer data, such as payment information, was accessed or stolen. Luckily, this type of ransomware is not developed enough to steal the data for selling on the dark web but rather just encrypts the files to prevent use.

Keep All Systems Go by Bolstering Security

Since the WastedLocker ransomware only has the ability to encrypt files instead of steal data, companies with a proper backup system will be able to bounce back from this attack. Having secure backup systems is only one piece of the puzzle in defending against cyber attacks. Passwords and other credentials must be complex and not stored in a place that hackers could easily access. Employees must be trained in cybersecurity methods to avoid clicking phishing emails or other malicious links.

These cybersecurity tips are the basics for any company who has sensitive information on customers as well as internal practices. Our line of hardware encrypted SecureDrives protect data from ransomware as a secure backup system with built-in antivirus. The drives themselves require PIN authentication or wireless authentication via secure mobile app. These methods keep hackers from accessing the drive and will ensure a company does not have to pay ransom in order to operate.

In addition, our SecureForensics service can battle ransomware by finding the source of the attack, stopping it, and determining what data was compromised. Digital evidence is then compiled into a court-admissible document. To learn more about our data security products and services, call 1-800-388-1266.