Garmin is one of the biggest players in fitness tracking wearables and has a substantial user base across the globe. Many passionate fitness enthusiasts are dependent on Garmin’s online services to keep them up to date with their fitness activities.
However, on 24 July, many Garmin users were left agitated as they could not access its online services due to a ransomware attack that forced Garmin to shut its online operations.
According to a Bleepingcomputer report, the outage was caused by WastedLocker ransomware.
The company immediately tweeted out an apology and said it was working on resolving the issue.
What All Went Down?
The outage also affected the company’s call centres and they were not able to receive any calls, emails and text messages from their customers.
Though Garmin didn’t issue a notification, the report also mentions that Garmin’s flyGarmin website was also down which resulted in apps like Connext Services and Garmin Pilot Apps to not function.
This is Garmin's web service that supports the company's line of aviation navigational equipment.
The company is in the process of deploying a multi-day repair plan to get services back online. This also includes shutting down its official website, its Connect user data syncing service and many other services in Asia.
WastedLocker Ransomware The Culprit
Initially, Garmin had not accepted that the issue was due to a ransomware attack but later it was confirmed by company sources.
As per the report, the Garmin IT department had tried to remotely shut down all the computers on the network including home computers using VPN as these devices were being encrypted by the ransomware.
After unsuccessful attempts, the employees were told to shut down any computers connected to the network.
In an image shared by Garmin employees, the .garminwasted extension was appended to the file's name, and hackers had left ransom notes for each file.
These ransom notes that are being generated by the encrypted files are addressed to Garmin. The report also says that the hackers are asking for $10 million as ransom.
What Does This Mean For Garmin Users?
As of now, Garmin has not confirmed that any user data has been leaked in this attack. The WastedLocker ransomware has just encrypted the company’s files which also includes user data.
Medical data like heart rate and even location data of millions of users are at risk of being compromised.
Some of these users work in the military and many are pro athletes who have their workout data on these servers which is why it is key for Garmin to resolve this issue as soon as possible.
If not resolved and Garmin do not pay the ransom the hackers can auction the database on the dark web. Various parties would be willing to pay top dollar to get their hands on such critical data.