Garmin smartwatch and aviation services shut down for hours – new WastedLocker ransomware suspected to be the culprit
Garmin Ltd., an American multinational technology company headquartered in Kansas[1] that actively competes with Fitbit and Apple, experienced an outage on July 23, 2020. The company shared an official note on Twitter[2] and on its official domains stating that Garmin Connect, Garmin’s phone system, Garmin’s fitness tracking app, email services, and customer care have been shut down temporarily due to the outage.
The company posted a tweet informing customers and followers about the outage but did not elaborate on the causes. However, the affiliate company from Taiwan known as iThome[3] informed the media that Garmin IT staff had reported a targeted attack on the company’s servers. According to the source, the company plans to suspend the production line for two days, as well as customer service, map software, app updates, and similar services. In addition, iThome indicated that Garmin users had started reporting that their historical physiological data was inaccessible, which raised concern about the safety of personal data.
Although this has not yet been confirmed, the cybersecurity community speculates that Garmin has become a victim of the WastedLocker ransomware. However, the company has not provided anything beyond the following statement:
Dear Garmin Users,
Our servers are currently down for maintenance & it may limit the performance of Garmin Connect Mobile & Website, and Garmin Express. We are trying our best to resolve it asap. We seek your kind understanding & apologise for any inconvenience.
Thank You
WastedLocker ransomware – a companion of BitPaymer and Dridex
Although it has not yet been confirmed that WastedLocker[4] ransomware is the culprit of the Garmin outage, multiple unofficial sources (some of whom claim to be Garmin employees) say that the company has experienced a targeted attack by this threat.
According to cybersecurity experts, the WastedLocker ransomware is related to the Dridex and BitPaymer[5] malware, all of which stem from the same Evil Corp family. Just like its predecessor BitPaymer, WastedLocker targets large-scale organizations. Previous attacks by this ransomware family showed a tendency to target US-based companies[6] and corporations. However, there’s no proof that organizations in other countries cannot fall victim.
WastedLocker is known for appending the .wasted suffix, which is usually preceded by the victim’s name. In this particular case, the compromised data might have been renamed to something like “garmin.wasted”. However, there’s no proof that this attack has really taken place.
The issue seems more serious than initially thought
The commotion began when the message appeared on Garmin’s official Twitter account. At the time, the company confirmed that, due to the outage, Garmin.com and Garmin Connect had been shut down temporarily[7].
Soon after this report, the information was supplemented by a statement that the supposed outage also affected the call center, email services, and online chats. Following the news, users of Garmin products started flooding online forums[8] to express their concern.
However, not much has been said about the situation. The company is not disclosing any details while the investigation is taking place. Officially, the issue has been called “planned maintenance”, with the claim that Garmin Express, Garmin Connect mobile, and other services have been shut down on purpose. These claims were tweeted by Garmin’s Indian branch.
However, the issue turned out to be more serious. Several hours after the Garmin India tweet, the official Garmin Twitter account and official websites were updated with a tweet and banner text apologizing to users for the inconvenience and naming the outage as the cause.
The supposed “unexpected maintenance” or “outage” lasted for 12 hours in Japan and India. The affected Garmin services have since been restored.