Smartwatch and wearables maker Garmin has shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems.
The company is currently planning a multi-day maintenance window to deal with the attack’s aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, and even some production lines in Asia.
In messages shared on its website and Twitter, Garmin said the same outage also impacted its call centers, leaving the company in the situation of being unable to answer calls, emails, and online chats sent by users.
The incident didn’t go unnoticed and has caused lots of headaches for the company’s customers, most of which rely on the Garmin Connect service to sync data about runs and bike rides to Garmin’s servers, all of which went down on Thursday.
Image: Victor Gevers
When ZDNet reached out for comment earlier, a Garmin spokesperson declined to confirm that the outage was caused by a ransomware attack, citing an ongoing investigation, and they redirected us to a message the company had shared on its website and Twitter profile.
This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience. (2/2)
— Garmin (@Garmin) July 23, 2020
However, since the incident took root at around 03:00am UTC, several Garmin employees took to social media to share details about the attack, all calling it a ransomware attack.
Some Garmin employees speaking online attributed the incident to a new strain of ransomware that appeared earlier this year, called WastedLocker. ZDNet has not been able to verify these claims during our interviews with Garmin employees, and this remains just speculation, at this point in time.
However, the incident appears to be much larger and more devastating than Garmin indicated via its initial statement.
iThome, a Taiwanese tech news dedicated to IT topics and smart devices, shared an internal memo that Garmin’s IT staff sent its Taiwan factories, announcing two days of maintenance mode planned for Friday and Saturday, July 24 and July 25.
While the memo didn’t specifically blame the impromptu maintenance mode on a ransomware attack, sources told the Taiwanese news site the incident was caused by a “virus.”
In today’s cyber-security landscape, only ransomware attacks have the destructive power to cause companies to shut down production lines, online services, websites, email servers, and call centers in a matter of hours and enter into an impromptu maintenance mode.
Must read:
The reach of the infection remains unknown to third-party observers. Besides home consumer-grade wearables, sportswear, and smartwatches, Garmin also provides mapping and tracking solutions for the automotive, maritime, and aviation industry. The impact of the ransomware attack on these services remains unclear.
It also remains unclear if any customer data has been lost or stolen during today’s incident. Over the past several months, ransomware gangs have modified their modus operandi to also include data theft besides file encryption.
Until Garmin manages to restore its services, users have now taken to social media sites to share tips with each other on how to save run and bike ride information to Garmin partner services, such as Strava, to avoid losing workout information.
to all the people freaking out because @garmin @GarminFitness services have been down for 7+ hours: mount you watch via USB on your computer->browse to the activities directory->take today’s .fit file->manually upload it to a 3rd party service (e.g. strava)->breath
— Marco Abis (@capotribu) July 23, 2020
This is a developing story. More updates will follow.
