The computer networks of smartwatch and electronics firm Garmin have been offline for a fourth consecutive day after becoming the apparent victim of a ransomware attack affecting both its aviation and fitness app services – and the hackers are demanding $10million to restore data.
The company said on Twitter that its website and Garmin Connect fitness app had been offline since Thursday. It said the ‘flyGarmin’ site used for aviation databases was also down.
Garmin has still offered no explanation for the outage but security analysts said the reason is likely ransomware, a technique used by hackers to encrypt data and extort funds. Multiple reports indicate that Garmin has been ordered to pay $10 million by Russian cybercriminal group Evil Corp. to release the data.
Garmin is being asked to pay a $10 million ransom after a cyberattack has taken down its systems and apps including its website, pictured, for four days
The navigation company was hit by a ransomware attack on Thursday with customers unable to log their fitness sessions in Garmin apps ever since
The company’s communication systems have also been disabled and it now appears to be unable to respond to frustrated and disgruntled customers
Files shared from a Garmin employee show how a ransomeware file had been attached to each one giving the user details of what to do next in order to retrieve their data
A tweet shows the email address that Garmin workers were told to email in order to restore access to their data
A note from the hackers has been attached to every single data file within Garmin’s systems along with details as to how the company will be able to restore access after paying a ransom
On Sunday night, even the company’s website was unable to load properly.
The security news website Bleeping Computer reported that a source familiar with the incident said Garmin was attacked by the WastedLocker ransomware.
The ransomware attack encrypted the company’s data, and the hackers responsible for the attack have asked for $10 million for the data to be freed up.
Screenshots show lists of the company’s files encrypted by the malware, with a ransom note attached to each file.
An outage map shows just how big of a problem the company’s apps are experiencing
Who are Russian cybercriminal group Evil Corp?
Evil Corp is a Russia-based cybercriminal organization who are believed to be responsible for ransomware attack against Garmin.
The group are known for the development and distribution of Dridex malware which worked to steal confidential information, including online banking credentials from infected computers.
In 2016, it was estimated the group had managed to obtain banking credentials from customers at more than 300 banks and financial institutions in more than 40 countries earning them at least $100 million.
Evil Corp operates as a business run by a group of individuals based in Moscow, Russia.
In December 2019, the Department of State announced a $5 million reward for information leading to the capture of its leader, Maksim Yakubets who is thought to be responsible for managing and supervising the group’s malicious cyber activities.
The ransom note tells the recipient to email one of two email addresses to ‘get a price for your data’.
It is not clear whether any customer data has been compromised, as the tech firm continues to investigate and works to resolve the matter.
Some reports have linked the malware to a Russian cybercriminal group known as Evil Corp.
In December 2019, the U.S. Treasury Department sanctioned Evil Corp after causing more than $100 million in financial damages in the American banking system.
As a result, if Garmin wanted to pay the ransom, the could potentially be found to be breaking United States sanctions.
The ransomware attack has led to a shutdown of many of the company’s systems.
Employees working from home connecting by VPN were also cut off from Garmin’s systems in an effort to halt the spread of the ransomware across its network.
Garmin been largely silent on the outage. On Saturday the company tweeted ‘We are currently experiencing an outage that affects Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.’
Brent Callow, a threat analyst at the security firm Emsisoft, said he had no firsthand knowledge but that it ‘certainly has all the hallmarks of a ransomware incident.
‘There is really no other event that would be likely to cause such widespread disruption and cause a company to immediately shut down everything from its online services to its production line,’ Callow said.
The Garmin Connect software can be seen unsuccessfully attempting to contact the company’s servers to upload fitness data. The experience has frustrated customers
One Twitter user posted a image that showed how their Garmin smartwatch was not able to be updated
Garmin’s online fitness tracking service is offline leaving runners and cyclists unable to upload data from their latest workouts.
Garmin Connect, an app and website that works with the company’s popular line of fitness watches, remained out of service on Sunday. The company apologized for the disruption at the end of last week when it indicated the problem was more widespread and also affected its communications systems.
Garmin Aviation, which provides cockpit navigation and communication services, said on its Facebook page its ‘flyGarmin’ website and mobile app were down.
Fitness enthusiasts took to social media to vent their frustrations about not being able to use the service.
Some Garmin users were furious that the company had not explained the reason for its outage in four days while other mocked those who claimed it was disrupting their exercise routines
Runners said that while the outage doesn’t stop them from training, not being able to use Garmin Connect means they can’t track their workout data or share their routes on Strava, a social network for runners and cyclists.
Atlanta tech executive Caroline Dunn, who runs five days a week and finished the New York Marathon in 2018, said the outage means she and her running friends can’t send each other kudos – Strava’s version of Facebook’s likes – to encourage each other.
‘We’re not doing this for our health, we’re doing this so that we can brag to our friends,’ Dunn said lightheartedly. ‘Now that we’re all social distancing, I don’t run in a group with my friends and they don’t watch me run. I have to brag online to my friends about all of my runs.’
The outage is also preventing athletes from proving that they’ve completed virtual runs that are replacing the many races cancelled because of the pandemic, Dunn said. Runners who use the Garmin system can’t be ranked because they can’t submit GPS data to organizers.
A selection of Garmin’s most popular products is shown above in a file photo
Smartwatch maker Garmin is suffering widespread outages after it was reportedly targeted in a ransomware attack. A notification about the update is seen on the company’s website
Connecticut runner Megan Flood saw the prolonged outage as both a curse and a blessing.
‘It’s frustrating in part because my Garmin is connected to my Strava (fitness app), and I like the community aspect on Strava,’ Flood, 27, said Friday. ‘But sometimes not being so connected to my device is nice. I’ve run some of my best races when I forgot my watch or covered my watch face, so I find there are pros and cons to be so connected to a watch.’
Tech-savvy users shared a workaround: plug the watch into a computer with a USB cable and manually transfer the files.
Some users also complained that Garmin’s lack of communication was a bigger problem.
Some Twitter users were quick to mock the situation Garmin and its wearers find themselves