Kansas-based wearable technology giant Garmin has suffered an outage last week that caused serious disruptions for its everyday functions and services. While the company has called the incident an outage, it has been revealed that the company has been attacked by the WastedLocker ransomware. The company is known for its GPS technology for automotive, aviation, marine, outdoor and sport activities, and is a competitor for smartwatch developers like Fitbit and Apple.

WastedLocker ransomware is reportedly behind Garmin outage

“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time,” Garmin’s official Twitter account disclosed the outage on July 23.

Not much information has been revealed about the incident so far, as Garmin only disclosed that they are experiencing an outage that affects Garmin.com and Garmin Connect, as well as their call centers, which prevents the company from receiving any calls, emails and online chats.

Garmin outage was caused by a WastedLocker ransomware attack

However, computer help and cybersecurity news website BleepingComputer revealed that Garmin was a victim of the WastedLocker ransomware. A source with information about the incident told BleepingComputer that after noticing the attack, Garmin’s IT department tried to remotely shut down all computers on the network to prevent file encryption but were unsuccessful. Employees were then told to manually shut down all computers they had access to. Reportedly, devices hosted in a data center were shut down to prevent them from being encrypted as well. The widespread shutdown of devices is apparently what caused the outage.

BleepingComputer revealed that encrypted files had the .garminwasted extension added to them, and the ransom note had the title garminwasted_info. The cybersecurity news site was also able to obtain the ransom note, which did not mention how big of a ransom Garmin is asked to pay. The company was asked to contact ransomware operators via email to find out the ransom sum. There are reports that WastedLocker is demanding $10 million but this information is yet to be officially confirmed.

WastedLocker is reportedly deployed by Russian cybercrime gang Evil Corp, alternatively known as the Dridex gang. Evil Corp is a known cybercrime gang, allegedly run by Maksim Yakubets. Yakubets was indicted by the US Department of Justice last year for his part in the crimes Evil Corp has committed in the past decade. He is at large with the United States Department of State’s Transnational Crime Rewards Program offering a reward of up to $5 million for information leading to his arrest.

Furthermore, the Treasury has also imposed sanctions on Evil Corp, which means companies based in the US would have a difficult time paying the ransom even if they wanted to because engaging in a transaction with Evil Corp is prohibited.

No user data was impacted

In a brief statement, Garmin has said that it found no indications that the outage has affected customer data, including activity, payment or other personal information. The tech giant is in the process of restoring its systems as quickly as possible, though Garmin Connect is still not fully functional at the time of writing.

Leave a Reply