Garmin Web-Based Utilities Down After Suspected Attack (Updated)

On Monday, July 27, 2020 Garmin officially announced it was the victim of a cyber attack that encrypted some of its systems during the previous business week. The data outage spread across nearly all of Garmin's consumer markets, stopping the flow of data between Garmin devices and its cloud storage network. This included flyGarmin and its website, plus the Garmin Pilot app. That in turn shut down flight planning on Garmin's platform, halted nav data downloads and locked out electronic logbook data.

Multiple markets were relieved when data started flowing again early Monday. And with safety-of-flight critical data mostly back, Garmin addressed consumer identity concerns from the attack.

"We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen," it said in the statement. It said affected systems are being restored and expects its systems will return to normal in a few days.

Forbes is reporting Garmin has been told by ransomware hackers to pay $10 million to restore the accounts of millions of users worldwide who have been without cloud-based services since Friday. Quoting BleepingComputer, Forbes says Garmin's systems were taken down by the WastedLocker ransomware and it cut quite a swath through the company's extensive list of cloud accounts.

Pilots who use Garmin's web-based planning tools, including flyGarmin and FltPlan.com, as well as syncing functions inside the Garmin Pilot app, had been severely affected by a massive outage that began on July 23, 2020. Many of Garmin's key "cloud" systems were down most of Thursday, but by Friday morning (July 24), several of the company's Connext services had been restored, including phone and SMS features sent via Iridium satellite devices. Some flight plan filing features and account syncing via Garmin Pilot were still down.

On Friday, Garmin told AVweb that as they work to restore the data, users will likely still experience degraded performance in flight planning and even with database concierge utilities, and it's likely that various services will come back and others go offline as the company acts to restore service and implement data-recovery procedures. That turned out to be true.

The outage also affected Garmin's call centers, and the company was unable to receive phone calls, emails and chats on Friday. Web-based forums were also down.

Aviation users aren't alone—the outage also affected the Connect utility used by Garmin fitness devices. This hinders syncing the device with the Connect app, and all the sports training logs you've stored in the fitness platform vanish. We can attest to losing a lot of training data, and are pleased to now have it back!

WastedLocker is a relatively new type of ransomware run by a malware exploitation gang called Evil Corp. It is believed to be based in Russia according to Malwarebytes Labs. The ransomware works differently from others and can be tailored specifically to the security set up at an individual target, usually large companies in the U.S. and a few in Europe. The malware encrypts each file and uses the name of that file to log a ransom note in the system. Like all malware, it gets into a system through a bogus alert or request that someone with credentials mistakes for a legitimate issue, typing in his or her login. After that, the infiltration is virtually unstoppable and can even affect cloud backups of data.