Garmin in check: WastedLocker blocks everything

The situation in Garmin continues to not unlock: the group is still stationary and users are still without the canonical services for which they have relied on the group's devices and servers. In the meantime, confirmations have arrived: people informed of the facts would have certified that the attack suffered was that WastedLocker of which there was already rumored, although it is still not clear how the attack could have released so widely within a large and organized group like Garmin.

Garmin hit by WastedLocker: what does it mean?

An attack of this type implies the impossibility of accessing one's own files, which are suddenly encrypted and therefore placed under seizure. To be able to "free" them and get them back, there are three possibilities:

have a backup available, such as to be able to empty the affected memory units and restore their image through the available copies; pay a ransom, the amount of which for a group like Garmin could even reach 10 million dollars (clearly in cryptocurrency); free the files by inserting the right security key, however extremely complex and not always possible: in this case it is definitely an option to be discarded since after two days everything remains stuck to the initial situation. An attack with WastedLocker, however, should not involve privacy issues since user data would not be collected: it is something different, created for the purpose of extortion and not to take possession of data on which to profit. From this point of view, users can therefore rest assured: the consequences will have heavy consequences "only" on Garmin itself.

even Though Garmin Connect is not accessible, the activity data collected by Garmin devices during the outage are stored on them, and they will appear in Garmin Connect on the next sync.

there is no indication that the outage has affected the user data, including activities, payments, or other personal information.

current

With a FAQ page , Garmin has wanted to clarify the situation.

We are currently experiencing an outage that affects some of our services, including the app Garmin Connect, and Garmin Pilot. Following the break, some functionality on these platforms are not available at the moment. The interruption also affects the customer service call center and, as a result, at the moment we are not able to receive calls, e-mail or chat online.

We are working to restore our systems as quickly as possible and we apologize for the inconvenience. We will provide further updates as soon as they become available.

With a notice board on the status of the various services has also wanted to provide a snapshot of the services, waiting for you can restore it. In the moment in which we publish, however, the picture is laconic: all the services involved (from Garmin Connect to Strava, going to Garmin Coach, Device Registration, and many others) are currently still.



Clearly, the authorities deny us the opportunity to pay the ransom because this would feed further interest in carrying out attacks of this type. Garmin will at some point, however, deal with the situation to see if he has or has not the ability to ignore the threats of ransomware and be able to restore the services without paying anything. In the meantime, users will have to train by doing without the assistance of the group, but is probably only a matter of time again: in one way or another Garmin has the need to unblock the situation because the Stock market does not forgive and the risk of paying very dearly for this problem.