Wearable device maker Garmin has been confronted with a global service outage. The incident began around 23 July and continued through the weekend. Several sources with direct knowledge of the incident now confirm that the disruption has been caused by a WastedLocker ransomware attack. Garmin has not yet confirmed this.
Garmin Services Offline
Since late last Wednesday, Garmin has been suffering from a lack of connectivity. Millions of users are affected. The outage does not only concern fitness products, but also the InReach satellite communications service and the flyGarmin pilot service. Pilots use flyGarmin Pilot apps to plan and manage their flights.
Garmin self-reported the fault on Twitter last Thursday. Initially, Garmin tried to brush off the incident as a maintenance issue, stating that they were “working to restore systems as quickly as possible and apologize for the inconvenience”.
Little more has been said by Garmin about the incident thus far. On Saturday 25 July Garmin posted a brief Q&A on their website, explaining that:
- Data is stored on devices and will once again appear in Garmin Connect once syncing resumes
- InReach SOS and messaging remain fully functional, however, Garmin Sign is currently unavailable
- There is no indication that the outage affected users’ data, activity, payment or other personal information linked to Garmin Connect
Garmin reports that it is trying to resolve the situation as soon as possible. The company website is accessible, however, the helpdesk is not. Moreover, Garmin is still unable to receive online chats or emails and has only partially solved their call center’s availability problem.
WastedLocker Ransomware Named as Culprit
Several media firms have contacted Garmin with questions as to whether the outage is the result of a ransomware attack and whether any customer or employee data has been compromised. Gamin has not revealed any more details about the outage, citing the ongoing investigation.
According to security experts, an outage of this length is almost certainly the result of something much more severe than a maintenance issue. The most likely cause of a global shutdown of the company’s servers, call centers and even production lines for such an extended period of time, is ransomware. Screenshots circulating online seem to confirm this.
Security research website BleepingComputer published screenshots, allegedly sourced from Garmin employees, featuring locked files with file names including the words “GarminWasted”. There are also screenshots showing ransom amounts being demanded for unlocking each file.
WastedLocker is a new strain of ransomware that appeared earlier this year. It does not seem to have the capability to steal or pull data from locked files. This means that if Garmin has backed up all of their data correctly, they should be able to get their systems back online without further worry. However, Garmin has not yet confirmed any of this. Also, it is not clear when all their services will be active again.
Meanwhile, the clock is ticking. Garmin is scheduled to report its second-quarter 2020 results on Wednesday 29 July.