[German]Following a global IT outage, the vendor of wearables and navigation solutions has temporarily taken its services and production offline. It is speculated that Garmin was the victim of a ransomware attack.
Garmin is a Swiss-American manufacturer of navigation receivers for satellite-based positioning and navigation with headquarters in Schaffhausen and operational headquarters in Olathe, Kansas. After its foundation in 1989 by Gary Burrell and Min Kao (hence the name Garmin), the company soon became known for the miniaturization of its GPS receivers. Today, Garmin manufactures navigation products for road navigation, fitness/sports, outdoor/natural sports, marine and air navigation applications.
Garmin announces service shutdown
A first report appeared 20 hours ago, in which Garmin was only publicly aware that their servers were down for ‘maintenance’ and that there were performance issues with Garmin Connect Mobile
Dear Garmin Users,
Our servers are currently down for maintenance & it may limit the performances of Garmin Connect Mobile & Website, and Garmin Express. We are trying our best to resolve it asap. We seek your kind understanding & apologise for any inconvenience.
— Garmin India (@Garmin_India) July 23, 2020
On the Twitter channel of the manufacturer Garmin, a notice appeared hours ago that various services had been switched off. In the first tweet the failure of Garmin Connect, the associated website and the mobile app is announced.
This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)
— Garmin (@Garmin) July 23, 2020
I only noticed that the German Garmin website throws error 404 (see the following figure). In a follow-up tweet, Garmin then specified other services that were also affected by the shutdown.
(Garmin Website ist down)
This shutdown also affects the company’s call centers. In addition, it is written that currently no calls, e-mails or online chats can be accepted. The manufacturer will try to solve this problem as soon as possible.
A ransomware infection is assumed
Such a serious disruption of an IT infrastructure, which is also worldwide, is usually a sign that a company’s networks have been attacked by ransomware. The following tweet from a user gets to the point.
Ransomware shuts down Garmin: https://t.co/GgEJR6s9Lu
Evil Corp’s new WastedLocker strain is likely to blame. I wouldn’t be surprised to see a ransom demand of at least $2-3 million in bitcoin.
— John Paul Koning (@jp_koning) July 24, 2020
ZDNet and also Bleeping Computer suspect a ransomware attack as the cause. Because at present, the present are down: Garmin Store, Garmin Connect (service for synchronizing user data), the production line in Taiwan, call center, e-mail server, online chat tool disabled and unreachable according to the following tweet.
NEW: Smartwatch and wearables maker Garmin goes down after ransomware attack
— Catalin Cimpanu (@campuscodi) July 23, 2020
Bleeping Computer writes that Garmin is infected with a (unconfirmed) WasterLocker ransomware. The ransomware is used by the Evil Corp Gang. A Chinese language news site of the iThome group in Taiwan writes that Garmin is probably infected by ransomware. The production line has been shut down for two days and the apps cannot synchronize. Translated quote from this page:
Garmin reported that the production line was down for two days. At the same time, it was also announced on the official website that the company, including the customer service system, map software updates and application updates, had suspended related services due to system maintenance; users noticed that when they carried some of the historical data, the physiological information disappeared in the mobile device, worrying about whether the sensitive data could be leaked by hackers.
As far as I know, there is no official confirmation from Garmin yet. Here is the English text of the iThome page:
iThome received news from readers that Garmin (Taiwan International Avionics), a well-known GPS and wearable device manufacturer in Taiwan, was suspected of being hacked. The IT department sent a notice to various departments in Taiwan stating that internal IT servers and databases were attacked and production lines were also suspended. Two days. It is speculated that Garmin may be attacked by ransomware.
Garmin immediately announced on the official website that system maintenance, including Garmin customer service center, map and software updates, and related applications such as Garmin Connect, Garmin Express, Launcher… and other applications, will be suspended.
iThome also called to ask the Garmin public relations department and stated that it is currently inquiring with internal related units and has not received further response, so it cannot answer whether the company’s production line has to be suspended for two days due to ransomware attacks.
However, some users of Garmin wearable devices said that the App of the current sports watch cannot obtain updated data synchronously, and some historical data of physiological information stored in the wearable device disappeared. Users are worried about whether there is a risk of leakage of relevant sensitive information.
The ZDNet article (and ThreadPost) provides further information. For example, the Garmin Pilots app, which pilots use to plan their flights, is on strike. Garmin does not seem to respond to press inquiries. Update: it has been confirmed, that it was a ransomware attack – see Garmin shutdown by WastedLocker ransomware.