[BreachExchange] Garmin services and production go down after ransomware attack

Destry Winant destry at riskbasedsecurity.com
Mon Jul 27 10:03:50 EDT 2020


https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/

Smartwatch and wearables maker Garmin shut down several of its
services on July 23 to deal with a ransomware attack that has
encrypted its internal network and some production systems, ZDNet has
learned.

The company is currently planning a multi-day maintenance window to
deal with the attack's aftermath, which includes shutting down its
official website, the Garmin Connect user data-syncing service,
Garmin's aviation database services, and even some production lines in
Asia.

In messages shared on its website and Twitter, Garmin said the same
outage also impacted its call centers, leaving the company in the
situation of being unable to answer calls, emails, and online chats
sent by users.

The incident didn't go unnoticed and has caused lots of headaches for
the company's customers, most of whom rely on the Garmin Connect
service to sync data about runs and bike rides to Garmin's servers,
all of which went down on Thursday.

But in addition to consumer wearables and sportswear, flyGarmin has
also been down today. This is Garmin's web service that supports the
company's line of aviation navigational equipment.

Pilots have told ZDNet today that they haven't been able to download a
version of Garmin's aviation database on their Garmin airplane
navigational systems. Pilots need to run an up-to-date version of this
database on their navigation devices as an FAA requirement.
Furthermore, the Garmin Pilot app, which they use to schedule and plan
flights, was also down today, causing additional headaches.

When ZDNet reached out for comment earlier, a Garmin spokesperson
declined to confirm that the outage was caused by a ransomware attack,
citing an ongoing investigation, and they redirected us to a message
the company had shared on its website and Twitter profile.

However, since the incident took root at around 03:00am UTC, several
Garmin employees took to social media to share details about the
attack, all calling it a ransomware attack. ZDNet has interviewed
several and confirmed their claims. Employees from across two
continents were told by their local IT staff on Thursday to shut down
computers as ransomware was being spread across several branches, via
its interconnected internal network.

Some Garmin employees speaking online attributed the incident to a new
strain of ransomware that appeared earlier this year, called
WastedLocker. ZDNet has not been able to verify this particular claim.

However, the incident appears to be much larger and more devastating
than Garmin indicated via its initial statement.

iThome, a Taiwanese tech news site dedicated to IT topics and smart
devices, shared an internal memo that Garmin's IT staff sent its
Taiwan factories, announcing two days of maintenance mode planned for
Friday and Saturday, July 24 and July 25.

While the memo didn't specifically blame the impromptu maintenance
mode on a ransomware attack, sources told the Taiwanese news site the
incident was caused by a "virus," confirming what we were told by
employees.

In today's cyber-security landscape, only ransomware attacks have the
destructive power to cause companies to shut down production lines,
online services, websites, email servers, and call centers in a matter
of hours and enter into an impromptu maintenance mode.

The reach of the infection remains unknown to third-party observers.
Besides home consumer-grade wearables, sportswear, and smartwatches,
Garmin also provides mapping and tracking solutions/equipment for the
automotive and maritime industry. The impact of the ransomware attack
on these services remains unclear.

It also remains unclear if any customer data has been lost or stolen
during today's incident. Over the past several months, ransomware
gangs have modified their modus operandi to also include data theft
besides file encryption.

Until Garmin manages to restore its services, users have now taken to
social media sites to share tips with each other on how to save run
and bike ride information to Garmin partner services, such as Strava,
to avoid losing workout information.

