Recent Garmin outage was caused by a WastedLocker ransomware attack
The outage disrupted Garmin’s online services for millions of users including Garmin Connect that helps sync users’ data to the cloud and other devices.
Garmin went down recently, leaving its fitness devices disconnected for nearly a day and affecting the company’s wearables, apps and call centers. According to two sources who have direct knowledge of the outage, it was caused by a ransomware attack.
Garmin’s outage began on Wednesday and carried on through the weekend. It has disrupted Garmin’s online services for millions of users, including Garmin Connect, which helps sync users’ data to the cloud and other devices. The attack also took down flyGarmin, the company’s aviation navigation and route-planning service. Portions of Garmin’s website also went offline.
Garmin has said very little about the incident. There is only a banner on the site stating that the company is currently facing an outage that affects Garmin Connect, Garmin.com, its call centers etc. The company says that it is unable to receive calls, online chats and emails for now and is working on resolving the issue.
The company added a brief update on Saturday stating that users’ data in any form has not been affected by the outage.
The two sources spoke to TechCrunch on condition of anonymity, since they have not been authorised to speak to the press, and said that Garmin was working on bringing its network back online. One of the sources confirmed that it was the WastedLocker ransomware that caused the outage. A forum on BleepingComputer.com also confirms that the outage was caused by WastedLocker.
What is WastedLocker?
WastedLocker is a new ransomware that is operated by a hacker group that calls itself Evil Corp. Detailed by security researchers at Malwarebytes, WastedLocker, like other file-encrypting malware, infects computers and locks users’ files, then demands a ransom, ideally in cryptocurrency, to unlock them.
According to Malwarebytes, WastedLocker does not appear to have the capability to steal or exfiltrate data before encrypting victims’ files, unlike other new ransomware. That essentially means that companies with backups may be able to escape paying the ransom demanded.
Companies without backups have ended up paying ransoms of up to $10 million in certain cases.
Evil Corp, the hackers behind WastedLocker, have a long history of both malware and ransomware attacks. Allegedly led by a Russian national called Maksim Yakubets, the group has used Dridex, a powerful password-stealing malware that is known to have stolen more than $100 million from hundreds of banks over a decade. The group also used Dridex later to deliver ransomware.
The Treasury has imposed sanctions on Evil Corp along with Yakubets and two other alleged members, for their involvement in the decade-long hacking campaign.
Because of these sanctions, it’s going to be “near-impossible” for Garmin, which is a US-based company, to pay the ransom even if it wanted to. As per the Treasury statement, US nationals are generally prohibited from engaging in transactions with them.