Garmin acknowledges cyberattack, doesn't mention ransomware

Garmin confirms a massive cyberattack crippled their systems for five days but doesn’t acknowledge the Playboy Russian hacker behind ‘Evil Corp’ who ‘held them to ransom for $10million’

  • Smartwatch manufacturer Garmin has confirmed that it fell victim to a serious cyber attack that knocked many of its services offline for five days
  • The company fell victim to a ransomware attack known as WastedLocker in which the attackers demanded a $10 million ransom
  • Multiple reports say Russian hacking group Evil Corp was behind the attack 
  • The firm said some of its systems were encrypted by the incident, interrupting its website and call centers, including its ability to receive calls, emails and chats
  • Garmin Connect, the app that users of the company’s wearable devices rely on to sync and monitor their fitness activities, has been significantly hit since 
  • The GPS technology specialist also suffered disruption to its aviation navigational support services FlyGarmin and Garmin Pilot apps

The GPS device maker Garmin acknowledged on Monday that it was victimized by a cyberattack last week that encrypted some of its systems, knocking its fitness tracking and pilot navigation services offline. It said systems would be fully restored in the next few days.

In an online statement, the company did not specify that it was the target of a ransomware attack, in which hackers infiltrate a company’s network and use encryption to scramble data until payment is received. 

However, a person familiar with the incident response told The Associated Press the attackers had turned over decryption keys that would allow Garmin to unlock the data scrambled in the attack. 

Smartwatch manufacturer Garmin has confirmed that it fell victim to a serious cyber attack which knocked many of its services offline for five days 

The Garmin Connect software can be seen unsuccessfully attempting to contact the company’s servers to upload fitness data. The experience frustrated customers 

Garmin has not revealed whether it paid the $10m ransom demanded by the cybercriminal group headed by a 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a customized $250,000 Lamborghini with a personalized number plate that translates to the word ‘Thief’   

Garmin announced that its devices were back online but that there may still be some issues

Files shared from a Garmin employee show how a ransomeware file had been attached to each one giving the user details of what to do next in order to retrieve their data

A tweet shows the email address that Garmin workers were told to email in order to restore access to their data

A note from the hackers has been attached to every single data file within Garmin’s systems along with details as to how the company will be able to restore access after paying a ransom

Garmin has not revealed whether it paid the $10m ransom demanded by a cybercriminal group headed by 33-year-old Russian playboy hacker, Maksim Yakubets, who drives a customized $250,000 Lamborghini. 

In December 2019, the FBI placed a $5 million bounty on Yakubets’ head for information leading to his capture. It is the largest reward being offered for an alleged criminal connected to cybercrime. 

The person spoke on condition they not be further identified.

Tens of millions of people around the world found the firm’s GPS and fitness-trackers, including those used by runners, cyclists and pilots, down five straight days. 

The attack crippled company services including Garmin Connect, which is popular with runners and cyclists for tracking workouts, and the FlyGarmin navigation service for pilots. 

Customers said Monday their services had ‘partially’ returned. One wrote: ‘For the first time in over 4 days, Garmin Connect seems sorta back up. It’s a bit touch and go, but it’s waking up.’ Another added: ‘Took over 5 minutes off my 10k pb this morning. Thank god Garmin is back up and I have proof of it.’ 

A Garmin spokesperson said the company had no comment beyond its statement.

The online cybersecurity news site BleepingComputer identified the malware as WastedLocker, which various security firms have attributed to the Russian cybercriminal gang Evil Corp. 

Services including Garmin connect and Strava were still listed as limited as of Monday

One Twitter user posted a image that showed how their Garmin smartwatch was not able to be updated

The U.S. government announced in December that it was freezing the assets of members of the group.

Olathe, Kansas-based Garmin said Monday that, in addition to GPS-based services, customer support and company communications were also interrupted by the July 23 attack.

‘We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,’ Garmin said in its statement. The attack also didn’t affect the functionality of any of its products, which include fitness watches, it added.

Ransomware is a growing threat and experts say it will only get worse if victims keep paying ransoms. 

In the U.S. last year, ransomware attacks on state and local governments, healthcare providers and educational institutions alone caused an estimated $7.5 billion in damage, according to the cybersecurity firm Emsisoft.  

The ransomware attack has led to a shutdown of many of Garmin’s systems. 

Employees working from home connecting by VPN were also cut off from Garmin’s systems in an effort to halt the spread of the ransomware across its network. 

Until Monday, Garmin been largely silent on the outage.  

There was no word from Garmin as to whether the company paid the ransom despite multiple questions from users on Twitter

Garmin’s statement  

Garmin Ltd. today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. 

As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. 

We immediately began to assess the nature of the attack and started remediation. 

We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. 

Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Affected systems are being restored and we expect to return to normal operation over the next few days. 

We do not expect any material impact to our operations or financial results because of this outage. 

As our affected systems are restored, we expect some delays as the backlog of information is being processed. 

We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition. 

Source: Read Full Article