Garmin hack: Firm confirms it was subject of cyberattack but says customer data safe

Posted on 28 Jul 2020 by James Devonshire

American GPS and smartwatch maker Garmin says it was the victim of a cyberattack last week that encrypted some of its systems and caused its services to be unavailable for at least three days.

Since Monday, Garmin product owners have been able to use some services, although others remain in a “limited” state.

Despite the service outage being attributed to a cyber attack, Garmin says there is no indication that any customer data, including payment information from Garmin Pay, was “accessed, lost, or stolen”.

Some Garmin customers have confirmed that services appear to be working once more, albeit in a partial capacity. Garmin says that users of its products do not need to worry about their workout data being lost as any information stored locally on devices will be uploaded to Garmin Connect once services are fully restored.

The Garmin Connect status page shows which of the firm’s services are available and which are still being worked on.

Russian cybercriminal gang ‘Evil Corp’ suspected perpetrators

However, there has been a lot of speculation that Garmin was hit with a ransom demand of $10m, something the firm has yet to comment on in any of its statements.

The hack is thought to be the latest in a string by a Russian cybercriminal gang which calls itself “Evil Corp”. The group’s alleged leader, Maksim Viktorovich Yakubets, has a $5m bounty on his head from the FBI — the highest ever offered for a cybercriminal.

The malware involved in the Garmin hack was Wasted Locker, a program first seen in the wild in May this year. Wasted Locker infiltrates a company’s network and encrypts essential files before demanding a ransom in exchange for the decryption key.

What remains unknown is whether Garmin submitted to the alleged ransom demand. The firm has somehow decrypted the infected files, which means it obtained the correct key. But did it pay to get it?

In addition to customers, stakeholders and security experts, US authorities will also be keen to understand the exact details surrounding the Garmin cybersecurity incident.