Garmin services and production go down after ransomware attack
privet01
230 Points
If you've tried to get to Garmin's website today.............
https://zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/
Comments
http://forums.gpsreview.net/discussion/comment/210290/#Comment_210290
BTW, did you notice how they described the company in that article? ;)
"Smartwatch and wearables maker Garmin"
Yes, that caught my eye too. Might be where the bulk of their revenue is coming from now. Never looked that close at their numbers though.
https://newsroom.garmin.com/newsroom/press-release-details/2020/Garmin-Outage-Update/default.aspx
"Garmin Outage Update
July, 23 2020
We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."
"Garmin employees have told BleepingComputer that the company was struck down by the WastedLocker ransomware. Screenshots sent to BleepingComputer show long lists of the company’s files encrypted by the malware, with a ransom note attached to each file.
The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million."
Firewalls only provide a layer of security. Not total security. This stuff has been happening for a long time and management of companies not hit by such still don't get it.
Even for those that do, their IT infrastructure is so tied to connectivity now they will spend a lot of money, probably as much as the ransom money to change how their IT functions at base levels to add more layers of security.
-----------------
"Garmin's long-running outage is a case study in how not to handle an IT meltdown and cybersecurity attack and may indicate a longer recovery than expected."
-----------------
Garmin has added a short FAQ to their site, but it really doesn't say much
https://www.garmin.com/en-US/outage/
"Garmin's smartwatch woes continue as GPS and run tracking for distance wasn't available. This glitch, which also applies to indoor activity tracking, means the Fenix is caught in a "saving" loop that requires a reset.
---------
...the short version is that Garmin's issues just got worse. It's one thing when Garmin tells you your data is ok and stored on the watch. It's another when the watch doesn't collect data properly and fails to connect to the GPS signal. At that point you're wearing a pricey brick on your wrist."
www.zdnet.com/article/garmin-fenix-smartwatches-hit-with-gps-run-saving-glitch-amid-outage/
So, theoretically, ransomware could end up on your computer in an update installer by simply opening Basecamp. Or let's say you use Garmin Express to update your maps. That gives their servers access to your GPS and computer where infected files could be installed on both.
Of course, there's no reason to think this is actually happening now, it's something that could theoretically happen in a future attack if they don't catch it right away. Would be nice if Garmin gave us a clue as to what is really happening. They are going to have a lot of explaining to do.
If these devices are erroring out because of not being able to get in contact with Garmin's servers, then that's a big failure on Garmin's QA department (quality assurance) or whoever does product and software testing.
Otherwise, are they saying that the worm or whatever is getting to the devices too?
Even with cloud based services going on, it seems gross mishandling of what should be a simple program error. When I was programming, we never let a failure of a service or background process stop a user from doing other things the program was capable of.
Are these devices completely cloud based for everything they do?
www.techradar.com/news/garmin-connect-outage-workouts-start-syncing-as-services-begin-to-recover
"OLATHE, Kan.--(BUSINESS WIRE)-- Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.
Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition."
https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/
"Citing an unnamed number of security sources, Sky News reported that Garmin obtained the decryption key. The report lined up with what the person with direct knowledge told Ars. Sky News said Garmin "did not directly make a payment to the hackers," but didn't elaborate. Garmin representatives declined to provide confirmation that the malware was WastedLocker and if the company paid any sort of ransom."
That leads one to think they "indirectly" made a payment to them.
https://slate.com/technology/2020/07/garmin-cyberattack-ransomware-payment.html
"On Tuesday morning, Sky News reported that the company had obtained the decryption key it needed to its systems but quoted sources as saying that Garmin “did not directly make a payment to the hackers.”
There are a lot of possible ways to read that statement, but the word that most immediately jumps out is “directly.” It’s possible that Garmin was able to procure the decryption key without caving to the ransom demands, but if Garmin did not make any payment to the hackers whatsoever, it could have just said that. Instead, the Sky News sources seemed to imply that a third party might have made some payment on Garmin’s behalf—possibly an insurer, if Garmin held any coverage for online extortion, or one of the security firms that specializes in negotiating and paying ransomware demands on behalf of victims. Understandably, if it did authorize any sort of payment, Garmin is not likely to clear up any of the details of how it happened."
https://news.sky.com/story/garmin-paid-multi-million-dollar-ransom-to-criminals-using-arete-ir-say-sources-12041468
"Smartwatch maker Garmin paid a multi-million dollar ransom to criminals who encrypted its computer files through a ransomware negotiation business called Arete IR, sources have told Sky News.
...Garmin had initially sought to pay the ransom using another firm which specialises in responding to these incidents. However, this firm responded that it didn't negotiate ransom payments in WastedLocker cases due to the risk of running foul of the sanctions.
The sources said after being initially rebuked, Garmin then sought the services of Arete IR, a firm which claims that the links between the WastedLocker ransomware and sanctioned individuals have not been proven."
Interesting how something not used for a long time can be missed when gone. Even for the few days it wasn't up.