It’s day 5 of the Garmin outage and the servers have started to come back up. Garmin Connect is syncing again and the company’s backups seem to have worked just fine. The company has confirmed it was the victim of a cyber attack.
Essential reading: Top fitness trackers and health gadgets
The whole thingamajig started early in the morning on Thursday. Garmin said its servers suffered an outage and we had no reason to believe otherwise.
As hours (days) went by rumours started to appear. Multiple Garmin staff came out on social media to state that there has been a ransomware attack. One source even claimed the bad guys asked for $10 million in order to release the code that would allow Garmin to decrypt the data and restore things to normal. The virus started spreading on the company’s servers as well as computers remotely linked to the system. Garmin did the wise thing and shot the whole operation down.
The Kansas-based company has kept quiet for the most part until it issued a FAQ on its website on Saturday. This implied that client data from Garmin smartwatches and GPS services had not been compromised. It will sit on your smartwatch, the company said, until the servers are back up and then you’ll be able to sync it. It added that there is “no indication” the “outage” has affected your historical data sitting on their servers, or payment information to do with Garmin Pay.
Current status of Garmin services
To the relief of many, it seems that this has turned out to be accurate. The servers are being switched on gradually which makes sense as there is going to be a rush of activity due to days of unsynched data. For example, syncing your Garmin device to the smartphone software works here in London, and there are reports of the same in many other cities and countries.
The sync is slow but there seem to few, if any, gaps in data. It’s worth adding, although you can do most things on Garmin Connect right now, it is not fully functional. Here’s the status as it stands at the time of writing.
Garmin confirms there has been a cyber attack
Garmin has finally confirmed today there was, indeed, a cyber attack. It did not say, though, whether it was a ransomware attack and if the company was the victim of the WastedLocker virus. Here’s Garmin statement in full.
“Garmin Ltd., today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.
Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”
Hopefully the forensics people did a thorough job. If this was, indeed, a ransomware attack the situation is more complicated than simply restoring the system from a backup. IT staff first needed to figure out how the hackers got into the system and plug any loop holes. It’s super impressive they got the operation up and running in such a short amount of time. While 5 days might seem long, these things usually take much longer.
The other difficulty is figuring out which backup is safe. The virus may have been sitting on the server for days or months before being activated. The attackers could have copied data off the network to use as blackmail.
And it was not as simple as paying the $10 million to Evil Corp, which is rumoured to be behind the attack.
The Treasury also imposed sanctions on Evil Corp, including Yakubets and two other alleged members, for their involvement in the decade-long hacking campaign. By imposing sanctions, it’s near-impossible for U.S.-based companies to pay the ransom — even if they wanted to — as U.S. nationals are “generally prohibited from engaging in transactions with them,” per a Treasury statement.
Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft, said those sanctions make it “especially complicated” for U.S.-based companies dealing with WastedLocker infections.
There are lots of comments on social media questioning why customers are are unable to save their fitness data locally onto their phones and use the Garmin app offline. Perhaps not details for processed sleep data which is done on the server side, but activities, water, weight, steps should all be accessible. Yes, that would be nice. Perhaps something for Garmin’s to-do list.
This is just another in the ever-expanding list of crazy things happening in 2020. Some Garmin customers are trying to make light of the situation while waiting for a normal resumption of services.
For example, Garmin Redditor’s have come up with a suggestion for a “I survived Garmigeddon” badge! If we all like it, only the hours need to be edited… good job!
Like this article? Subscribe to our monthly newsletter and never miss out!