Some Garmin services have been restored, and many reports assert that the issue was caused by a ransomware assault

Some of Garmin’s services, including its website, are gradually coming back online. It has been speculated that a ransomware attack caused the company’s servers to become inaccessible more than two days ago. According to a single source, cybercriminals are asking for a ransom of ten million dollars.

The question now is, what precisely is a ransomware attack?

Ransomware is capable of infiltrating a network and instantly encrypting files once it does so. The malware, which masquerades as a genuine file, drops malicious executables onto the victim’s system, where they immediately begin wreaking havoc. During an attack, the files stored on the server will often be encrypted, rendering them unavailable.

In most cases, cybercriminals demand a payment in exchange for handing the data back to its rightful owner. That’s why it’s called ransomware.

What took place with Garmin’s server infrastructure? 

Garmin’s servers went down almost two days ago, at about 5 am London time, and have remained offline ever since. When we first reported on this story, we were under the impression that it was just a routine server malfunction. These occur at random, and the most recent ones that Garmin has encountered were on July 9th, June 30th, and April 13th. However, they only lasted a short while, and the majority of people were oblivious to them.

This time, however, the circumstances are very different. Not only has Garmin Connect become inaccessible, leaving the mobile application unusable, but the web dashboard is also currently inoperable. A great number of other services, including the website, forum, and even the company’s call centres, have been affected.

A brief tweet from Garmin stated that the company is “experiencing an outage that impacts Garmin Connect,” and as a result, both the Garmin Connect site and the Garmin Connect mobile app are now inaccessible.

But should we actually take this at face value? No service window lasts this long!

There have been whispers of a ransomware assault

iThome, a Taiwanese website that covers technology news, was the source of the initial reports that this is more than just normal server downtime. It would appear that they were informed that the incident was caused by a virus. The site even published an internal memo from Garmin’s IT department.

The email, which was sent to the factories in Taiwan, said that there would be a maintenance mode for two days, starting on July 24 and continuing on July 25. This indicates that the production line will most likely be down for a period of two days.

According to ZDNet, a number of Garmin workers have taken to social media to offer information on the incident. According to the news outlet, the employees described the incident as a ransomware attack; however, it did not divulge its sources. This might explain why the services have been down for such a long time. Anyone can fall victim to this type of electronic hold-up at some point.

It would appear that some of the tweets even referred to the specific strain of the ransomware as WastedLocker. The ransomware in question is very new and has only been in use since May 2020.

The most recent evidence supporting this assertion comes from BleepingComputer. They spoke with an employee of Garmin who requested anonymity but confirmed that a WastedLocker ransomware attack has taken place. It would appear that he became aware of the situation when he arrived at his workplace early on Thursday morning.

When the IT personnel at Garmin realised what was going on, they attempted to remotely shut down the system; however, they could do nothing about it. All of the computers that were a part of the system, even those in people’s homes that were connected to the servers through a remote connection, had their files encrypted. At this point, Garmin made the decision to shut down all operations in an effort to stop the infection from spreading further.

The Garmin employee even provided a screenshot, which was shared with the public, showing the .garminwasted extension applied to file names.

After conducting more research, BleepingComputer was successful in locating the Garmin ransom note. According to one of their informants, the Russian organisation that carried out the attack is seeking a ransom of ten million dollars.

This is so eerie!

However, there are signs of life. You, for instance, are now able to buy things directly from the Garmin website, which is something that you were unable to do when all of this first started happening. You will notice that there is a new dialogue box when you go to the online dashboard to sign in on Garmin Connect. And last but not least, it appears that there has been some progress made with the Garmin Connect app. The app will continue to try to sync and access your data even when you are unable to do so.

Garmin has made no official comment on the allegations of a ransomware attack. Even though it is still code red, at least some of the services are beginning to come back up.
