Some Garmin services, such as its website, are slowly coming back up. The company’s servers have been down for more than two days due to a rumoured ransomware attack. One source claims the cyber criminals are demanding a $10 million ransom.
So what exactly is a ransomware attack?
Ransomware penetrates a network and quickly locks up files. Disguised as a legitimate file, the malware drops executables into the victim’s system, where they begin to wreak havoc. An attack typically encrypts the files on the server, making them inaccessible until they are decrypted.
Cybercriminals are usually after a payout in order to release the data to its rightful owner. Hence the name ransomware.
What happened to Garmin’s servers?
Garmin servers went down two days ago at around 5am London time and have been down ever since. When we reported originally on this story we were convinced it was a simple server outage. These happen from time to time; Garmin last experienced them on July 9th, June 30th and April 13th. However, those outages were brief and went unnoticed by most people.
The situation is, however, quite different this time. Not only has Garmin Connect gone down rendering the smartphone app useless, but the website dashboard is also not working. Many other services such as the company’s website, forum and even its call centres have been hit.
Garmin has issued a short tweet saying they are “experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time.”
But is this really the case? No service window is allowed to last this long!
Rumours of a ransomware attack
The original rumours that this is more than a simple server outage came from iThome, a Taiwanese tech news website. They apparently received word the incident was caused by a virus. The site even shared an internal memo from Garmin’s IT staff.
The email was sent to its Taiwan factories, announcing two days of maintenance mode planned for July 24th and 25th, which means the production line is expected to be shut down for two days.
ZDNet says that several Garmin employees took to social media to share details about the situation. It didn’t share its sources, but according to the news agency the employees called it a ransomware attack. That would certainly explain why the servers have been down for so long. This kind of digital hold-up can happen to anyone.
Apparently some of the tweets even named the strain of the virus as WastedLocker. This is a new ransomware locker that has been in use since May 2020.
The latest confirmation of this comes from BleepingComputer. They’ve spoken to an unnamed Garmin employee who confirmed there has, indeed, been a WastedLocker ransomware attack. He apparently learned of the situation when he came into work early on Thursday morning.
When they saw what was happening, Garmin’s IT department tried to remotely shut down the system but were unable to do so. Files on all the computers in the system were being encrypted, even on home computers that were remotely linked to the servers. This is when Garmin decided to shut everything down in order to prevent the virus from spreading.
The Garmin employee has even shared a screenshot in which the .garminwasted extension can be seen appended to file names.
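The two observable symptoms described above, a burst of files being renamed to a single new extension and file contents that suddenly look like random bytes, are exactly what a defender can alert on. The following is an added example, not code from the article, Garmin or BleepingComputer: it runs a sliding-window rename detector and a Shannon-entropy check over constructed file-system events and sample contents. Only the .garminwasted extension comes from the article; the paths, timestamps, thresholds (5 renames in 60 seconds, entropy above 7.0 bits per byte) and function names are assumptions for illustration.

```python
import hashlib
import math
import os
from collections import Counter, defaultdict, deque

# Constructed sample rename events: (timestamp in seconds, old path, new path).
# The ".garminwasted" extension is the one reported in the article; the paths and
# timings are made up for this example.
SAMPLE_EVENTS = [
    (0.0, "/srv/share/report.docx", "/srv/share/report.docx.garminwasted"),
    (0.4, "/srv/share/budget.xlsx", "/srv/share/budget.xlsx.garminwasted"),
    (0.9, "/srv/share/design.pdf", "/srv/share/design.pdf.garminwasted"),
    (1.3, "/srv/share/photo.jpg", "/srv/share/photo.jpg.garminwasted"),
    (2.1, "/srv/share/db.sqlite", "/srv/share/db.sqlite.garminwasted"),
    (2.8, "/srv/share/minutes.txt", "/srv/share/minutes.txt.garminwasted"),
    (5.0, "/srv/share/notes.txt", "/srv/share/notes.txt.bak"),  # benign backup rename
]

# Constructed file contents: readable text versus deterministic pseudo-random bytes
# (SHA-256 digests of a counter) standing in for ciphertext.
PLAINTEXT = b"Quarterly sales report for the northern region. " * 40
PSEUDO_RANDOM = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64))


def new_extension(path):
    """Extension the file carries after the rename, e.g. '.garminwasted'."""
    return os.path.splitext(path)[1].lower()


def rename_bursts(events, window_seconds=60.0, threshold=5):
    """Map each target extension to its peak rename count inside any window of
    window_seconds, keeping only extensions whose peak reached threshold.

    Ransomware tends to rename thousands of files to one new extension in
    seconds; ordinary users do not."""
    stamps_by_ext = defaultdict(list)
    for ts, _old, new in sorted(events):
        stamps_by_ext[new_extension(new)].append(ts)

    flagged = {}
    for ext, stamps in stamps_by_ext.items():
        window = deque()
        peak = 0
        for ts in stamps:
            window.append(ts)
            # Drop events that fell out of the trailing window.
            while ts - window[0] > window_seconds:
                window.popleft()
            peak = max(peak, len(window))
        if peak >= threshold:
            flagged[ext] = peak
    return flagged


def shannon_entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty or single-valued input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def looks_encrypted(data, min_entropy=7.0):
    """Encrypted or compressed content sits near 8 bits/byte; documents and
    source code sit far lower. The 7.0 cut-off is an assumed tuning value."""
    return shannon_entropy(data) >= min_entropy


def triage(events, samples):
    """Combine both signals: flagged extensions plus which sampled files now
    have ciphertext-like contents."""
    return {
        "rename_bursts": rename_bursts(events),
        "high_entropy_files": sorted(p for p, d in samples.items() if looks_encrypted(d)),
    }


if __name__ == "__main__":
    samples = {
        "/srv/share/report.docx.garminwasted": PSEUDO_RANDOM,
        "/srv/share/notes.txt.bak": PLAINTEXT,
    }
    print(triage(SAMPLE_EVENTS, samples))
```

In production the event list would come from an EDR, auditd or a file-server audit log rather than a hard-coded list, and the entropy check would sample only the first few kilobytes of each file to keep the cost low. Neither signal alone is conclusive (backup jobs rename in bulk, and compressed archives are high-entropy), which is why the triage combines both.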
BleepingComputer did some further research and were even able to uncover the Garmin ransom note (shown below). One of their sources said the Russian group behind the attack is demanding a $10 million ransom.
Some services are coming back up
But there are some signs of life. For example, you can purchase items off the Garmin website now, something you were not able to do at the start of this whole thing. If you go to the website dashboard to sign in on Garmin Connect – you now get a dialog. And finally, there seems to have been some movement with the Garmin Connect app. Although you still can’t sync or access your data, the app attempts to do so.
Garmin has not commented officially on rumours of the ransomware attack. The code is still red but at least we are seeing some services starting to return.
The latest development is that the company has issued a FAQ on its website regarding the “outage”. Here it is below.