Garmin hacked! Ransom of $10 million in cryptocurrency demanded, partial services restored after five days offline

The internationally renowned smart wearable device manufacturer Garmin was recently reported to have been hacked. Previously, Garmin had only announced, "System maintenance is in progress, and some services are temporarily suspended." However, after several days of service interruption, the company finally admitted on Twitter that it had been subjected to a ransomware attack, claiming that some functions have been restored and efforts will continue to salvage the situation.

Five-Day Service Disruption

Garmin first announced a partial service interruption in a notice on its official website on the 23rd of this month. Users were unable to connect to the "Garmin Connect" app, which tracks their health and fitness data, and services for other apps such as Garmin Express, Launcher, Garmin Pilot, and flyGarmin were also suspended.

App service disruption (Source: @MrX50217106)

In addition to the app connectivity issues, even Garmin's customer service center was affected, unable to answer user calls or emails, and the online chat service remained interrupted.

Garmin initially did not mention the cause of the incident, but eventually admitted to a ransomware attack on Twitter, claiming that Garmin Connect has restored connectivity, although some other applications still have limitations.

Garmin announces being hacked in the early morning (Source: @Garmin)

In an announcement on its official website, Garmin stated that it was the victim of a ransomware attack, emphasizing that users' personal data, including payment data processed through Garmin Pay, remained intact without any loss or theft.

Ransomware "WastedLocker"

In its announcement, Garmin did not specifically name the ransomware, but according to a report from TechCrunch, information from internal Garmin employees indicated that this incident was indeed the result of an attack from WastedLocker. The employee stated:

On the 23rd, we discovered the attack, where the ransomware attempted to encrypt all data. Our IT department tried to shut down all computers remotely, but after the operation failed, employees were instructed to immediately shut down all network-connected computers that we could access.

Files with .garminwasted extension added (Source: BleepingComputer)

WastedLocker is a ransomware developed by the Russian cybercrime group Evil Corp. According to a report by cybersecurity company Fox-IT, this malware has been actively attacking multiple U.S. companies since May of this year, consistently demanding ransom payments of up to $10 million in cryptocurrency from the affected companies.

For Garmin, the dilemma lies in the fact that the U.S. previously announced sanctions against seven companies that had dealings with Evil Corp and its members, making paying the ransom equivalent to funding a criminal group. If the encrypted data is not backed up, Garmin will face a difficult situation.

Garmin's initial failure to mention the cause of the service interruption, its unclear explanations, and the inability of users to reach customer service have caused dissatisfaction among many users. Furthermore, in 2018, Garmin caused a significant controversy by apologizing to China for "mistakenly listing Taiwan as a country."