GPS and wearables company Garmin Ltd. has suffered a suspected ransomware attack that has caused its services to be taken offline and manufacturing operations to be suspended.
Details on the attack are a little slim. Garmin said on Twitter at 9:30 a.m. EDT today that it was experiencing outages with Garmin Connect, its mobile application, along with its related website. In a second tweet, the company said the outage also affected its call centers and it was unable to receive calls, emails and online chats.
The suggestion of ransomware comes from iThome, a site in Taiwan that reported that Garmin staff were told that the company’s production line would be shut down for two days. The report (translated from simplified Chinese) says Garmin’s information technology department sent a notice to various other departments in Taiwan saying that IT services and databases had been “attacked,” without providing any further information.
Earlier today, all of Garmin’s websites and services were offline, although as of 9:40 p.m. EDT some Garmin websites were back online. It’s not clear whether other services have been restored as of the time of writing.
Beyond the inconvenience for consumer users, ZDNet reported that the outage has more serious consequences because flyGarmin, a web service that supports aviation navigational equipment, was also down. Pilots use the service to download data to their navigational systems, and running an up-to-date version of the database is a U.S. Federal Aviation Administration requirement.
There are unconfirmed reports that the attack may have involved WastedLocker ransomware, a form of ransomware linked to hacking group Evil Corp. According to Talos Intelligence, after initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment.
Saryu Nayyar, chief executive officer of unified security and risk analytics company Gurucul Solutions Pvt Ltd A.G., told SiliconANGLE that the attack was “a doozy” in that it was “a likely ransomware attack taking down pretty much everything Garmin – website, call center, email, chat, production systems and data-syncing service.”
“You just don’t know when the bad guys are going to attack and who will be their next victim,” Nayyar said. “However, what we do know is every organization is susceptible to ransomware attacks. So, do what you can to prepare and respond. Hopefully, Garmin has a daily backup regimen for the company’s systems and data.”
Colin Bastable, chief executive of security awareness training firm Lucy Security A, noted that 97% of losses stem from socially engineered attacks and over 90% are initiated by email.
“There are no front lines in cyberwarfare – we are all fair game for bad actors and no entity or person is safe from cyberattack,” Bastable added. “Train your people to detect and resist ransomware attacks – just as you patch systems, patch your people with regular, varied, continuous and well-planned security awareness training to make them part of your defenses.”