
Garmin services and production go down after ransomware attack

Comments

  • t923347 532 Points
    edited July 23
    Garmin.com appears to be back up now (14:15 PDT)



  • Boyd 2009 Points
    I noticed the problem this morning, but didn't know the cause until reading the news just now.

    http://forums.gpsreview.net/discussion/comment/210290/#Comment_210290

    BTW, did you notice how they described the company in that article? ;)

    "Smartwatch and wearables maker Garmin"
  • privet01 229 Points
    "Smartwatch and wearables maker Garmin"
    Yes, that caught my eye too. Might be where the bulk of their revenue is coming from now. Never looked that close at their numbers though.
  • Boyd 2009 Points
    CNET said "Garmin, known for its smartwatches and wearables". MacRumors said they were a "smartwatch maker". At least Forbes called them "GPS technology titan Garmin". :D
  • Boyd 2009 Points
    edited July 25
    Still no official word from Garmin about this, they have not confirmed it was a ransomware attack or provided any updates. Really makes them look bad IMO....

    https://newsroom.garmin.com/newsroom/press-release-details/2020/Garmin-Outage-Update/default.aspx

    "Garmin Outage Update
    July, 23 2020

    We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."
  • Boyd 2009 Points
    www.forbes.com/sites/barrycollins/2020/07/25/will-garmin-pay-10m-ransom-to-end-two-day-outage

    "Garmin employees have told BleepingComputer that the company was struck down by the WastedLocker ransomware. Screenshots sent to BleepingComputer show long lists of the company’s files encrypted by the malware, with a ransom note attached to each file.

    The ransom note tells the recipient to email one of two email addresses to “get a price for your data”. That price, Garmin’s sources have told BleepingComputer, is $10 million."
  • privet01 229 Points
    I spent part of my career in the IT (information technology) world. My wife is still involved with IT. Even back in the 90's I was amazed at how willing company management was to connect all their computers to the wide wide world with only a firewall between them and people willing to extort them.

    Firewalls only provide a layer of security. Not total security. This stuff has been happening for a long time and management of companies not hit by such still don't get it.

    Even for those that do, their IT infrastructure is so tied to connectivity now they will spend a lot of money, probably as much as the ransom money to change how their IT functions at base levels to add more layers of security.
  • Boyd 2009 Points
    www.zdnet.com/article/garmins-outage-ransomware-attack-response-lacking-as-earnings-loom/
    -----------------
    "Garmin's long-running outage is a case study in how not to handle an IT meltdown and cybersecurity attack and may indicate a longer recovery than expected."
    -----------------
    Garmin has added a short FAQ to their site, but it really doesn't say much

    https://www.garmin.com/en-US/outage/
  • Boyd 2009 Points
    This is gonna make a lot of people really mad....

    "Garmin's smartwatch woes continue as GPS and run tracking for distance wasn't available. This glitch, which also applies to indoor activity tracking, means the Fenix is caught in a "saving" loop that requires a reset.
    ---------
    ...the short version is that Garmin's issues just got worse. It's one thing when Garmin tells you your data is ok and stored on the watch. It's another when the watch doesn't collect data properly and fails to connect to the GPS signal. At that point you're wearing a pricey brick on your wrist."


    www.zdnet.com/article/garmin-fenix-smartwatches-hit-with-gps-run-saving-glitch-amid-outage/
  • Boyd 2009 Points
    edited July 26
    Was thinking about this. Let's say you don't use any of Garmin's connected services, so this doesn't directly affect you. But could it? If Garmin's servers are compromised and they don't detect it, there are a variety of ways it could be a problem. Every time you open Basecamp, it automatically checks for updates. IIRC, there is no way to prevent this, although it asks if you want to install.

    So, theoretically, ransomware could end up on your computer in an update installer by simply opening Basecamp. Or let's say you use Garmin Express to update your maps. That gives their servers access to your GPS and computer where infected files could be installed on both.

    Of course, there's no reason to think this is actually happening now, it's something that could theoretically happen in a future attack if they don't catch it right away. Would be nice if Garmin gave us a clue as to what is really happening. They are going to have a lot of explaining to do.
  • privet01 229 Points
    edited July 26
    I only skimmed through the article. But programming wise, there shouldn't be a reason that problems at Garmin should be causing issues with the devices. The devices should always be able to connect to the GPS satellites and give you all the information that the device can give.

    If these devices are erroring out because of not being able to get in contact with Garmin's servers, then that's a big failure on Garmin's QA department (quality assurance) or whoever does product and software testing.

    Otherwise, are they saying that the worm or whatever is getting to the devices too?
  • Boyd 2009 Points
    No, the problem is with Garmin's servers. But these are cloud-based devices that frequently check with the servers and not being able to do so makes them crash (evidently). You'd think they would just time out and give you an error message. People have been asking "who does product and software testing at Garmin?" for quite a while, LOL :))
  • privet01 229 Points
    I'm just having a problem understanding why a Garmin device not being able to connect to a Garmin server would cause it to not function at all.

    Even with cloud-based services going on, it seems gross mishandling of what should be a simple program error. When I was programming, we never let a failure of a service or background process stop a user from doing other things the program was capable of.

    Are these devices completely cloud based for everything they do?
  • Boyd 2009 Points
    "Systems appear to be recovering following a major system outage that took Garmin down on July 23 and lasted throughout the weekend. The flyGarmin service came back online earlier today, and it appears that some users' runs and rides are now beginning to appear on Garmin Connect."

    www.techradar.com/news/garmin-connect-outage-workouts-start-syncing-as-services-begin-to-recover
  • Boyd 2009 Points
    edited July 28
    https://newsroom.garmin.com/newsroom/press-release-details/2020/Garmin-issues-statement-on-recent-outage/default.aspx

    "OLATHE, Kan.--(BUSINESS WIRE)-- Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

    Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition."


    https://arstechnica.com/information-technology/2020/07/garmans-four-day-service-meltdown-was-caused-by-ransomware/

    "Citing an unnamed number of security sources, Sky News reported that Garmin obtained the decryption key. The report lined up with what the person with direct knowledge told Ars. Sky News said Garmin "did not directly make a payment to the hackers," but didn't elaborate. Garmin representatives declined to provide confirmation that the malware was WastedLocker and if the company paid any sort of ransom."
  • Tim 1486 Points
    The last paragraph is the most interesting.
  • Boyd 2009 Points
    Yeah, I think so. If you read that article, the US Treasury has sanctioned "Evil Corp", and if Garmin actually paid the ransom that would be a violation of the sanction and pose a legal problem. This might explain why Garmin is saying so little about this.
  • Tim 1486 Points
    "did not directly make a payment to the hackers"

    That leads one to think they "indirectly" made a payment to them.
  • Boyd 2009 Points
    Exactly! >:)
  • Boyd 2009 Points
    Some discussion of this issue here:

    https://slate.com/technology/2020/07/garmin-cyberattack-ransomware-payment.html

    "On Tuesday morning, Sky News reported that the company had obtained the decryption key it needed to its systems but quoted sources as saying that Garmin “did not directly make a payment to the hackers.”

    There are a lot of possible ways to read that statement, but the word that most immediately jumps out is “directly.” It’s possible that Garmin was able to procure the decryption key without caving to the ransom demands, but if Garmin did not make any payment to the hackers whatsoever, it could have just said that. Instead, the Sky News sources seemed to imply that a third party might have made some payment on Garmin’s behalf—possibly an insurer, if Garmin held any coverage for online extortion, or one of the security firms that specializes in negotiating and paying ransomware demands on behalf of victims. Understandably, if it did authorize any sort of payment, Garmin is not likely to clear up any of the details of how it happened."
  • Boyd 2009 Points
    Some more info here

    https://news.sky.com/story/garmin-paid-multi-million-dollar-ransom-to-criminals-using-arete-ir-say-sources-12041468

    "Smartwatch maker Garmin paid a multi-million dollar ransom to criminals who encrypted its computer files through a ransomware negotiation business called Arete IR, sources have told Sky News.

    ...Garmin had initially sought to pay the ransom using another firm which specialises in responding to these incidents. However, this firm responded that it didn't negotiate ransom payments in WastedLocker cases due to the risk of running foul of the sanctions.

    The sources said after being initially rebuked, Garmin then sought the services of Arete IR, a firm which claims that the links between the WastedLocker ransomware and sanctioned individuals have not been proven."

  • sussamb 829 Points
    Forum is now up again :)
  • privet01 229 Points
    It's been a while since I've been to the Garmin Forums. Surprisingly, while it was down there was some info I was looking for that I felt for certain would be there.

    Interesting how something not used for a long time can be missed when gone. Even for the few days it wasn't up.