
Garmin ransomware attackers said to be demanding $10 million

Garmin Connect still down – but there’s a workaround to upload to Strava

Various Garmin websites and services remain offline and there is still no official explanation why. It is being widely reported that the US firm has fallen victim to a ransomware attack with information security website Bleeping Computer reporting the hackers are demanding $10 million.

On Thursday, Garmin users throughout the world discovered they were unable to access the Connect service through which rides and runs are uploaded from devices.

Those signing into the site are currently greeted by a message reading: “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

As well as its official website and Connect data-syncing service, the issue is also said to be affecting Garmin's aviation database services and several production lines in Asia.

Despite the prolonged downtime, the firm has yet to comment beyond two perfunctory tweets repeating the message above.

Bleeping Locker says it has heard from a source close to the Garmin incident response and also a Garmin employee who both said the firm has fallen victim to a WastedLocker ransomware attack.

The WastedLocker malware was developed by the somewhat unsubtly named Evil Corp, a Russian-based cybercriminal group.

The software encrypts the files of the infected host. In this case files are being appended with the .garminwasted extension with ransom notes created for each file.

One source said the attackers are demanding $10 million, but this has not been verified.

Garmin is said to have shut down all devices hosted in a data centre and asked employees to shut down any computer on its network.

Strava workaround for Garmin users

While many features on Garmin devices cannot currently be used, data saved on them has not been lost.

Rides recorded on a Garmin smartwatch or bike computer will remain on your device unless you delete them.

They can also be posted to services such as Strava manually by connecting to a computer via USB, downloading the .fit file from the activities folder, and then uploading it from the computer to the website.

On Strava, there's an option to upload activities manually from a drop-down menu that appears on the top right on the desktop site, and on the top left on their mobile app.

You can find more detailed instructions on the Strava website.

Alex has written for more cricket publications than the rest of the road.cc team combined. Despite the apparent evidence of this picture, he doesn't especially like cake.


13 comments

LetsBePartOfThe... | 3 years ago
0 likes

hey Garmin, you did make a daily back-up of all our activity records ready for disaster recovery - right ?

Hirsute replied to LetsBePartOfTheSolution | 3 years ago
2 likes

You did make your own copy ?

LetsBePartOfThe... replied to Hirsute | 3 years ago
0 likes

Yes of course  

you already know how ultra cautious I am

Awavey replied to Hirsute | 3 years ago
0 likes

yep, it's called Strava

Chris Hayes | 3 years ago
0 likes

Have to say, as a long-term user I'm not really missing Garmin.  My current model might well be my last... 

risoto | 3 years ago
0 likes

Next target: Strava. Time to enjoy the ride instead of the numbers

PD Be VERY careful about trying to sync with Garmin. If any of your files on Garmin's servers are infected, your computer files are next upon synchronizing.

IanEdward replied to risoto | 3 years ago
5 likes

You realise it's possible to enjoy the ride AND the numbers, yeah? 😉

Enjoy ride, home, shower, coffee, enjoy dicking about with Strava for 10 minutes. Win-win!

FlyingPenguin replied to risoto | 3 years ago
0 likes

Yeah, that's not how it works.  Your devices are incredibly unlikely to be infected on connection, these sorta things generally propagate via vulnerabilities in common (and well understood) protocols used by PCs and servers the world over.

To infect a Garmin device (as opposed to the, presumably, COTS hardware and software the central Garmin services run on) would require an attacker to identify an arbitrary code execution (i.e. run what you like, in this case encryption) vulnerability on Garmin devices. That would mean far too much time looking at protocols only used between Garmin devices and servers that would be better spent attacking other companies.

Even cyber criminals are driven by return (in £) on investment (in both time and £).  Encrypting your GPS device is highly unlikely to result in a worthwhile payoff.

hawkinspeter replied to FlyingPenguin | 3 years ago
0 likes

Once an attacker has been able to infect Garmin's network, they could presumably include a payload into the various Garmin devices' firmware and then push it out as a software update. Then, when the device is next connected, it could quite easily infect the host PC (there doesn't tend to be much security between a PC and a Garmin connected via USB).

Of course, that would be annoying, but it could be a big pay-day if they go after all the aviation based Garmin devices/owners.

FlyingPenguin | 3 years ago
1 like

Well if it's WastedLocker, then that puts it in the category of "targeted and professional". 

On the positive side, Evil Corp don't have a track record of exfiltrating and publishing data (so your credit card details aren't going to be sold on the internet), however on the negative side, you can safely assume that the backups and failover systems were also deliberately targeted and they've done everything technically possible to prevent Garmin just hitting the proverbial "restore from backup" button, it's going to be a hard fix and will take them some time.

Useful summary of what they are facing is here: https://blog.malwarebytes.com/threat-spotlight/2020/07/threat-spotlight-...

Srcw replied to FlyingPenguin | 3 years ago
0 likes

Seems they do target backups, but can't destroy tape.

If you're in the game, you know nothing is safe, ever. Just the will to target an insider and how long that takes. Bit like a bike lock.

Not sure you should be reassuring people about their payment details. If I was a Garmin customer, I'd have ordered a replacement card (assuming this is the only payment data and not account details).

Tom_77 | 3 years ago
3 likes

Evil Corp?

Must be Mad replied to Tom_77 | 3 years ago
1 like

It's a reference to 'Mr Robot'.
