The services of the Garmin company have largely been down since Thursday, devices such as fitness trackers and navigation computers can no longer connect to their server and synchronize data. First, the company had briefly confirmed on Twitter that there was a major failure, now there is also an official statement on the incidents on the company’s website. The company itself does not provide confirmation of a ransomware attack, but the BleepingComputer website claims to have learned that Garmin was the victim of the WastedLocker malware.
Confirmation of failures and a status website
Don’t miss any news! With our daily newsletter you will receive all heise online news from the past 24 hours every morning.
Subscribe to the newsletter now
On a specially set up English language website Garmin confirms that the company’s services including Garmin Connect and flyGarmin are not available and therefore devices cannot fully use these platforms. In addition, the entire support had failed, and there are currently no calls, no e-mails and chat messages.
In a short FAQ section, Garmin reassured users that, despite the GarminConnect failure, affected devices would initially save their data locally and upload it later as soon as the service was available again. Incidentally, the emergency call function via the inReach service is not affected by the failure. Garmin currently sees no signs that customer data (device activity data, payment and personal information) has been affected by the incident. On a separate status website users can find out which services are online again.
Ransomware ‘WastedLocker’ is said to have raged
The website BleepingComputer reports, it has now been confirmed that Garmin has been hit by the ransomware ‘WastedLocker’, which encrypts all files that can be accessed locally and on the Internet and demands a ransom for decryption. The failure reported on Thursday is due to the fact that the company shut down its services and call centers in the wake of the ransomware attack. BleepingComputer publishes screenshots of computers at Garmin to show the work of ‘WastedLocker’ and relies on two anonymous sources, a Garmin employee and a person who is familiar with the processes.
According to the report, the malware was noticed on Thursday morning and the IT department was still trying to remotely shutdown as many systems as possible to prevent them from being infected, which then caused the services to fail worldwide for users. Employees’ computers connected via VPN are also said to have been affected. According to a source from BleepingComputer, the attackers are expected to demand a $ 10 million ransom for decrypting the data, but this has not been confirmed.
The new surfaced ransomware ‘WastedLocker’ is attributed to the Russian group ‘Evil Corp’, which is also responsible for the malware ‘Dridex’.