GPS device maker Garmin admitted on Monday that it had been the victim of a cyber attack last week in which some of its systems were encrypted and fitness tracking and pilot navigation services were taken offline. The systems would be fully restored in the next few days.
In an online statement, the company did not state that it was the target of a ransomware attack in which hackers infiltrate a company's network and use encryption to encrypt data until payment is received.
However, a person familiar with the response to the incident told The Associated Press that the attackers had provided decryption keys that Garmin could use to unlock the data encrypted during the attack.
Smartwatch maker Garmin has confirmed that it has been victims of a serious cyber attack that resulted in many of its services being offline for five days
Garmin Connect software unsuccessfully attempts to contact the company's servers to upload fitness data. The experience frustrated the customers
Garmin has not disclosed whether it has paid the $ 10 million ransom demanded by the cybercrime group led by a 33-year-old Russian playboy hacker, Maksim Yakubets, who will deliver a bespoke Lamborghini worth Drive $ 250,000 with a personalized license plate that means the word "thief"
Garmin announced that its devices are back online, but there may still be some issues
Files shared by a Garmin representative show how a ransomeware file has been attached to each file, and tell the user details what to do next to get their data
A tweet shows the email address that Garmin employees should receive by email to restore access to their data
A hacker's note was attached to each individual data file in Garmin's systems, detailing how the company can restore access after paying a ransom
Garmin has not disclosed whether it paid the $ 10 million ransom demanded by a cybercrime group led by 33-year-old Russian playboy hacker Maksim Yakubets, who ordered a custom-made $ 250,000 Lamborghini -Dollar drives.
In December 2019, the FBI set Yakubets bounty of $ 5 million to get information that led to his capture. It is the biggest reward for a suspected cybercrime criminal.
The person spoke on the condition that they can no longer be identified.
Dozens of millions of people around the world found the company's GPS and fitness trackers, including those used by runners, cyclists, and pilots, on five consecutive days.
Users reported that Garmin services slowly returned on Monday after the system was hacked
The attack paralyzed the company's services, including Garmin Connect, which is popular with runners and cyclists to track training sessions, and the FlyGarmin navigation service for pilots.
Customers said Monday that their services have "partially" returned. One wrote: & # 39; For the first time in over 4 days, Garmin Connect seems to be a bit back again. It's a bit touch and go, but it wakes up. & # 39; Another added: “It took me over 5 minutes from my 10k pb this morning. Thank God Garmin is back and I have evidence of that. & # 39;
A Garmin spokesman said the company had made no comment beyond his testimony.
The online cyber security news site BleepingComputer identified the malware as WastedLocker, which is owned by various security companies belonging to the Russian cybercriminal gang Evil Corp. have attributed.
Services such as Garmin Connect and Strava were listed as restricted as of Monday
A Twitter user posted an image showing that their Garmin smartwatch could not be updated
The US government announced in December that it would freeze the assets of members of the group.
Garmin of Olathe, Kansas, said Monday that besides GPS-based services, customer support and corporate communications were disrupted by the July 23 attack.
"We have no indication that customer information, including Garmin Pay payment information, has been accessed, lost or stolen," said Garmin in his statement. The attack also did not affect the functionality of the products, which also included fitness watches.
Ransomware is a growing threat, and experts say it will only get worse if victims continue to pay ransom.
In the United States, ransomware attacks on state and local governments, healthcare providers, and educational institutions alone caused an estimated $ 7.5 billion in damage, according to cyber security company Emsisoft.
The ransomware attack has resulted in many Garmin systems being shut down.
Employees connecting from home via VPN were also cut off from Garmin's systems to stop the ransomware from spreading across the network.
Until Monday, Garmin was largely silent about the failure.
Garmin said nothing about whether the company had paid the ransom despite multiple questions from users on Twitter
Garmin Ltd. announced today that it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020.
As a result, many of our online services have been interrupted, including website features, customer support, customer-centric applications, and corporate communications.
We immediately began to assess the nature of the attack and began to remediate it.
We have no indication that customer information, including payment information from Garmin Pay ™, has been retrieved, lost, or stolen.
In addition, the functionality of Garmin products was not affected except for the ability to access online services.
Affected systems will be restored and we assume that we will be able to work normally again in the next few days.
Due to this failure, we do not expect any material effects on our business activities or our financial result.
When restoring our affected systems, we expect some delays in processing the information jam.
We are grateful for the patience and understanding of our customers during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.