Ransomware attack paralyzes Garmin's services and production

The company officially speaks of maintenance work lasting several days. Services such as Garmin Connect, Garmin Pilot and flyGarmin are affected. Garmin employees claim that the outages are the result of a ransomware infection.

Garmin has turned off several of its services for smartwatches and wearables. The company is responding to an attack with ransomware, which is said to have encrypted data in the internal network and on production systems. The company is now planning to repair the damage as part of maintenance work lasting several days.

(Image: Datto)Among other things, Garmin will temporarily switch off its website. There are also restrictions for the synchronization service Garmin Connect and Garmin’s flight database service. Some production lines in Asia and the company’s own call centers are also affected. As a result, Garmin is only available to customers to a limited extent.

The company also provides information about the failure of Garmin Connect on its website and in its mobile apps. However, there is only a reference to maintenance work – not to the hacker attack. Also since Thursday, users have had to do without the flyGarmin service and some functions of the Garmin Pilot Apps.

The lack of access to the flight database service also has consequences for pilots and airlines. For example, the US Aviation Safety Agency (FAA) requires pilots to always use a current version of this database on their navigation devices, which is currently not guaranteed. Garmin Pilot, in turn, helps them coordinate flight plans.

When asked by ZDNet USA, Garmin did not want to confirm the ransomware attack. According to information from company employees, cybercriminals should have been able to inject the WastedLocker ransomware that had been active since the beginning of the year – however, there is no independent confirmation of these statements by the employees.

The Taiwanese technology site iThome, however, claims to have learned that maintenance was scheduled for Friday and Saturday, according to an internal circular for Garmin factories in Taiwan. In this, too, there is no mention of ransomware as the cause. However, iThome sources report that the incident was triggered by a virus.

It is unclear whether the attackers also got customer data. It is not uncommon for cyber blackmailers to steal data before encryption in order to use it as an additional means of pressure. In addition, it is not known whether Garmin’s automotive and maritime services are affected.


Leave a Reply

Your email address will not be published. Required fields are marked *