Garmin recently suffered a major outage which was reportedly caused by a ransomware attack.
While the company has declined to confirm the reason for the outage, several Garmin employees have said online they believe the incident was caused by the WastedLocker ransomware.
Additionally, Bleeping Computer has reported that Garmin was asked by what is believed to be Russian hacking group Evil Corp to pay a $10-million ransom to unlock its computers.
The head of Evil Corp, Maksim Yakubets, is the subject of a $5-million FBI bounty and is believed to be behind huge attacks on American companies and the American banking system – with attacks on the latter causing over $100 million in financial damages.
Taiwanese website iThome has reported on an alleged internal memo to Garmin IT staff which claims that company servers had been compromised.
Garmin published the following statement regarding the outage:
Garmin is currently experiencing an outage that affects Garmin services including Garmin Connect. As a result of the outage, some features and services across these platforms are unavailable to customers. Additionally, our product support call centers are affected by the outage and as a result, we are currently unable to receive any calls, emails or online chats.
We are working to restore our systems as quickly as possible and apologize for the inconvenience. Additional updates will be provided as they become available.
The company has also published a set of Frequently Asked Questions to assist its customers.
These are as follows:
- Was any Garmin Connect customer data lost during the outage?
Although Garmin Connect is not accessible during the outage, activity, and health and wellness data collected from Garmin devices during the outage is stored on the device and will appear in Garmin Connect once the user syncs their device.
- I’m an inReach customer. Can I still use SOS and messaging during the outage?
inReach SOS and messaging remain fully functional and are not impacted by the outage. This includes the MapShare website and email reply page. The status for inReach can be found here.
- I have a new Garmin product. When will I be able to pair it with Garmin Connect?
We are working as quickly as possible to restore Garmin Connect functionality. The status of Garmin Connect can be found here.
- Was my data impacted as a result of the outage?
Garmin has no indication that this outage has affected your data, including activity, payment or other personal information.
No surprise – Mimecast
Head of e-crime at Mimecast Carl Wearn said it is not a surprise that another organisation has fallen victim to a suspected ransomware attack.
“It is clear in this instance that the victim has experienced lengthy downtime as a result of this attack, which will, of course, have a massive impact upon the business,” said Wearn.
Wearn said Mimecast research has found that the average downtime an organisation suffers from a ransomware attack is three days, but can extend indefinitely.
“This particular attack is also worrying because of the type of data that could be lost, including both location and personal health data,” said Wearn.
“When consumers trust organisations with this data, it is absolutely vital that it is kept secure. Incidents like these can have devastating consequences for the reputation of an organisation.”
How to protect against ransomware
Wearn said that to minimise the threat of ransomware attacks, organisations must implement resiliency measures to preserve business-as-usual should the worst happen.
“Non-networked backups and a fallback email and archiving process need to become standard security measures if organisations are to significantly mitigate ransomware threats,” said Wearn.
He added that the following measures can be taken to protect against ransomware attacks:
- Individual users can assist by being aware of the potential for unsafe attachments, but should also be wary of clicking any email links received in any communication, as criminals are increasingly utilising URL links rather than file-based attachments to infect networks.
- It is also imperative that remote working software, such as VPNs, and any servers are kept up to date in relation to patching, as open-source reporting indicates that ransomware threat actors are increasingly targeting the Windows Remote Desktop Protocol (RDP) and exploits to initiate compromise.
- As the more complex threats are often delivered by secondary infection, organisations should also pay particular attention to their patterns of network traffic and data logs to identify any potential compromise.
- There is a potentially short window of opportunity to remediate any initial dropper infection and thereby prevent the further insertion of ransomware.