Garmin has finally admitted that its recent outage was caused by a cyber-attack.<\/p>\n
In an update last week, the company initially said it was \u201cexperiencing an outage that affects flyGarmin and as a result, the flyGarmin website and mobile app are down at this time.\u201d However, following rumors online that the company had actually suffered a ransomware attack, and that it had even paid a $10m ransom, the company has updated its statement to confirm that it suffered a \u201ccyber-attack that encrypted some of our systems on July 23 2020.\u201d<\/p>\n
This resulted in many of its online services being interrupted, including website functions, customer support, customer facing applications and company communications. \u201cWe immediately began to assess the nature of the attack and started remediation.\u201d<\/p>\n
It said there was no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen and the functionality of Garmin products was not affected, and the only damage was to services which were taken offline. \u201cAffected systems are being restored and we expect to return to normal operation over the next few days,\u201d it added.<\/p>\n
According to some reports, sources confirmed that the company had suffered a ransomware attack, and that it had been hit by WastedLocker, which SentinelOne explained was a \u201crelatively new ransomware family which has been tracked in the wild since April\/May 2020\u201d and targets high-value companies.<\/p>\n
Denis Legezo, senior security researcher at Kaspersky, said: \u201cTechnically speaking, WastedLocker is a targeted ransomware, which means its operators come for selected enterprises instead of every random host they can reach.<\/p>\n
\u201cThe encryption algorithms in use are nothing special for ransomware: modern and strong. The ransomware\u2019s operators add the victim company\u2019s name in the ransom messages \u2013 the messages with information about how to contact the malefactors through secure e-mail services and the like. So it’s pretty obvious they know for whom they came after.\u201d<\/p>\n
It was also reported by iThome that Garmin\u2019s IT department sent a notice to various departments in Taiwan stating that internal IT servers and databases were attacked and production lines were also suspended for two days. Later it was rumored that the attackers had demanded a $10m ransom payment, and that Garmin had obtained the decryption key.<\/p>\n
Source: InfoSecurity Group<\/p>\n