If you tried to use Garmin Connect at the end of July, you would have noticed the constant messages about Garmin being down for maintenance/etc. This was a result of a ransomware attack that hit the Garmin systems and took them all down – that includes sales and customer support computers. How did they get it back up again? According to reports, Garmin paid a ransom – a big ransom.
Why Garmin Paid Millions in Ransom (According to Reports)
Link: Garmin Statement about Cyber Attack
This started a couple of weeks ago, when the Garmin system was showing a complete outage. Unfortunately, Garmin was not very forthcoming about what was really going on, which was a ransomware attack that took control of their systems.
This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)
— Garmin (@Garmin) July 23, 2020
The ransomware locked the Garmin files and said that Garmin had to pay a $10 million ransom to get back control of those files again. In the meantime, people who had bought Garmin watches for things like shareability, online record keeping, and syncing with Strava were becoming really annoyed.
Garmin Outage Affected Aviation Systems, Too
But worse than the inability of Garmin athletes to share their latest workout with people was the fact that this affected all Garmin systems – including those used in Garmin aviation equipment.
This meant that pilots could not update their Garmin database on their onboard Garmin navigational system or their Garmin Pilot app. This was causing big problems because it is an FAA requirement to keep their database up to date.
But, People Could Still Work Out!
The outage affected the Garmin systems, not the GPS satellites that Garmin watches use to track their workouts. However, if you were online in any running/cycling group, you would have thought that this outage was keeping people from going for a simple run! 🙂
However, strangely enough, there were many reports of Garmin watches not showing distance during a workout. After the workout (which sometimes involved resetting the watch since it was stuck in a Save Activity loop), the distance would be available, just not during the workout. This apparently happened on the weekend and even to the latest, high-end Garmin Fenix 6 watches. I have one and did not have any problems with my watch.
Back to the Ransom…
According to multiple reports, Garmin did end up paying a multi-million dollar ransom in order to get access to those files again. In the end, that was likely a cheap price compared to what would have happened if they had to dump all the files and completely rebuild their entire system. But, you can bet they are spending some serious money now on their security systems to prevent this from happening again…
Here is what Garmin said:
“Garmin was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation.
We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services. Affected systems have been restored and normal operation has resumed.”
I like how they had “no indication” that any customer data (including payment information) was accessed. I wonder how comforting that is to people when Garmin also had no indication that their system was open for such an attack in the first place?
Garmin did not go into detail about what their “remediation” process involved but, again, according to multiple reports, it involved paying off the hackers – after days were spent realizing that there was not anything they could do.
Paying the Ransom
To take it a little deeper, the ransomware used was called WastedLocker and was apparently developed by a Russian hacking group that the US Treasury had sanctioned last year. Because of this sanction, American individuals and companies are not allowed to participate in transactions with them. According to Sky News, they don’t know if this precludes situations like this.
But, in the end, Garmin actually did not pay the hackers directly anyway. It was reported that they paid it through a ransomware negotiation by Arete IR, a company with skills in this area. This still should have been against the sanctions, but maybe that is what took a while: getting permission from the US Treasury to proceed with this payment.
Arete IR put out a brief saying that they believe there is not a conclusive case to be made that the ransomware was linked to the Russian hacker group. So, maybe that is why they were not in a position to violate the sanctions?
WastedLocker is a new variant of #ransomware that was initially reported in May and is rumored to have come from the “Evil Corp” group. In this insight, we discuss the four main reasons why Arete experts determined this theory to be inconclusive. (https://t.co/fZUmHCXMMn) pic.twitter.com/hvdMNEEVpe
— Arete Incident Response (@Arete_Advisors) July 24, 2020
Bottom Line
According to Garmin, all systems are back up and they did make a statement about the hack (though not the ransom). I am sure that Garmin is working even now to beef up their security to ensure this does not happen again. After all, the kind of data that Garmin devices collect is very personal (location data, health metrics, etc.) and Garmin does not want to have their customer base lose faith in their ability to maintain a secure network for everything Garmin offers.
I’m not getting rid of my Garmin, I do know that!