Last week, Garmin suffered major outages of many of its services, including its website, call centers, and its fitness tracking app, Garmin Connect. On Monday, the company acknowledged that its systems had fallen victim to a cyber attack.
Ransomware was rumored to be the cause of the Garmin blackout, which seemed to be corroborated by a leaked internal memo last Friday. A spokesperson seemed to confirm this in a press release, saying that “[Garmin] was the victim of a cyber attack [sic] that encrypted some of our systems.”
The company was able to get some functionality back online as of Monday morning. Owners of Garmin’s fitness trackers are relieved to be able to sync with servers again, but some of the systems are still down. Garmin said that it has begun “remediation” and would have all services back up within the next few days.
Whether remediation means giving in to ransom demands, Garmin didn’t say. However, it did mention that it did not expect the attack to affect its continued operations or financial results. Some users were concerned that their data might have been compromised, but the company says that there is no indication that this is the case.
“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost, or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.”
The ransomware is reportedly a new strain of malware called WastedLocker from a group known as Evil Corp. Malwarebytes detailed WastedLocker earlier this month. Evil Corp first deployed the malware in May and generally asks for a considerably hefty ransom.
“Ransom demands are steep,” said Malwarebytes. “Evil Corp has been using WastedLocker to request ransoms in the range of millions of USD, with some demands going above $10 million.”
If you would like to track the status of affected Garmin services, the company has a status page posted showing which systems are fully back online and those still suffering limited functionality.