Some of the services of Garmin, the provider of navigation solutions, have been offline for several hours. Now there appears to be confirmation that a WastedLocker ransomware attack is the cause of the problems.
Shutdown of all Garmin services
Garmin, a Swiss-American manufacturer of navigation receivers for satellite-based positioning and navigation, had to shut down its entire IT infrastructure a few days ago. A note appeared on the company’s Twitter channel, in which Garmin made it public that its servers were down for ‘maintenance’ and that there were performance issues with Garmin Connect Mobile, the website and Garmin Express.
Dear Garmin Users,
Our servers are currently down for maintenance & it may limit the performances of Garmin Connect Mobile & Website, and Garmin Express. We are trying our best to resolve it asap. We seek your kind understanding & apologise for any inconvenience.
— Garmin India (@Garmin_India) July 23, 2020
On the Twitter channel of the manufacturer Garmin, a notice appeared hours ago that various services had been switched off. This failure also affects the company’s call centers. The notice also states that no calls, e-mails or online chats can currently be accepted. The manufacturer will try to solve this problem as soon as possible.
(Garmin website is down)
Even the company’s website was temporarily unavailable. I reported on this in the article Garmin Services (probably) after Ransomware attack down.
WastedLocker Ransomware attack
Meanwhile, Bleeping Computer reports in this article, citing its own sources, that the shutdown was due to a successful WastedLocker ransomware attack. WastedLocker is used by the Dridex group. Evil Corp (aka the Dridex gang) is a Russian-based cybercriminal group that has been active since at least 2007 and is known to be behind the Dridex malware and to use ransomware as part of its attacks, including the Locky ransomware and its own ransomware, known as BitPaymer.
For this reason, paying the ransom is a delicate matter for Garmin, as it would potentially violate United States sanctions. Since then, the hacker group has again updated its tactics and is now back in the “ransom business”, using its new WastedLocker ransomware to target companies and demand ransoms in the millions.
Addendum: A Garmin employee has confirmed the ransomware attack to Bleeping Computer. He only learned of the attack when he arrived at his office Thursday morning. When the ransomware attack was discovered, Garmin’s IT department tried to remotely shut down all computers on the network. This included the home computers connected via VPN. But it turned out that this was not possible.
So employees were instructed to shut down every computer on the network they had access to. The Garmin employee also told Bleeping Computer that as part of the company-wide shutdown, all systems hosted in a data center were also shut down hard. This was done to prevent encryption of the disks. More details can be found in the Bleeping Computer article.