Garmin hostage of a ransomware for a weekend

A computer attack has put systems and data out of the company that manufactures wearable devices for athletes

Garmin warns its users of the disservice that has affected its computer systems (screenshot from Garmin) Millions of fitness devices Garmin remained disconnected from the network for a full day after the Kansas City company's computer systems were taken hostage by a ransomware attack. The cyber attack that hit the US company appears to have been resolved and the devices are returning online in these hours.

The attack

The device blackout begins on Friday 24 July, when some users report the inactivity of their sports smartwatches to the company. The data collected did not appear in the Garmin Connect application. At first the problem was connected to a malfunction of the company servers but then the company realized that the situation was worse than a technical failure.

This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)

- Garmin (@Garmin) July 23, 2020



Employees could no longer access company emails and call centers were out of order. The only communication channels were profiles on social networks and the website. According to initial analyzes, criminals have managed to pierce Garmin's systems thanks to a vulnerability identified on one of the corporate servers of the Taiwan office. The ransomware initially infected the local network and then spread across Garmin's infrastructure.

ransomware

According to Zdnet and TechCrunch the service interruption was caused by a new strain of ransomware named WastedLocker . The ransomware would hit the company and already from Wednesday, July 22, but would have started to criptarne files and block the computer systems on Friday, crippling the company in the weekend. Like other ransomware, WastedLocker, infects the computers of a corporate network sequestrandone the file and ask users for ransom , typically in bitcoin, to get the restore of the file.

researchers Malawarebytes however, after studied the virus in may, have found that the ransomware has not yet the power to steal or exfiltrating the data before to encrypt the files of victims. Essentially, the virus acts as a simple still image that paralyses the systems, without, however, affecting the file. This means that as long as cybercriminals will evolve the ransomware, the company affected may be able to recover their files without the need of paying a ransom, but simply by restoring the backup files. Without a backup, unfortunately, some of the companies are the victims of WastedLocker have had to face redemptions in the order of $ 10 million . Fortunately, Garmin had a backup ready to restore, and, as highlighted in The Verge , his services are coming back online.