FOLLOW US

American multinational GPS and wearable device maker Garmin Ltd. shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, widely thought to have been caused by a WastedLocker ransomware attack.

In addition to consumer wearables and sportswear, flyGarmin was also down on Thursday. This is Garmin's web service that supports the company's line of aviation navigational equipment.

It is being widely reported that the cybercriminals, Evil Corp, are demanding $10 million dollars. On Sunday, July 26, there was no indication of whether or not the ransom will be paid. All systems still appeared to be locked down at Garmin. 

While Garmin didn't disclose it in their outage alerts, it was reported on the Bleeping Computer website that multiple flyGarmin services used by aircraft pilots also went down. 

WastedLocker ransomware attack shuts down Garmin

Early reports state that the attack started in Taiwan. iThome published a report about a 'virus' attack affecting the company's internal IT servers and databases. 

Garmin Taiwan factories were forced to shut down production lines for two days on July 24 and 25. There is no confirmation that they have returned to work yet.

The company announced on its website that the customer service system, map software updates, is temporarily suspended due to system maintenance. The company-wide shutdown coincides with what seems to be a global outage for Garmin Connect and other connected services.

Garmin has made little public comment on the problem. On Thursday, the company issued a tweet saying “we are currently experiencing an outage that affects Garmin Connect,” adding that the outage “also affects our call centers and we are currently unable to receive any calls, emails, or online chats.”

They have since released a statement confirming they were victims of a cyberattack, but offered assurances that at this time they do not believe customer data was accessed, lost, or stolen.

"Garmin Ltd. was the victim of a cyber attack that encrypted some of our systems on July 23, 2020," said Garmin, "As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation."

Evil Corp's uses WastedLocker ransomware

BleepingComputer was the first to report that Evil Corp operators used WastedLocker ransomware to encrypt systems on Garmin's network, which led to a significant worldwide outage of multiple services and products.