Garmin is yet to acknowledge the cyber attack on its infrastructure.
The services of Garmin Ltd, the maker of wearable gadgets and smart fitness devices, were disrupted after the company presumably became the victim of a ransomware attack. The attack led to the suspension of its manufacturing operations and took its website and its mobile application, Garmin Connect, offline.
Garmin is well-known for producing devices like Forerunner smartwatches that help the user track running performance.
Garmin took to Twitter to post about the incident, revealing that apart from the website and the mobile app, its call centers were affected.
We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time. (1/2)
— Garmin (@Garmin) July 23, 2020
It is worth noting that the company couldn’t receive calls or offer other online services such as live chat or email. All of Garmin’s facilities, including its aviation devices’ navigation service called flyGarmin, remained disconnected for over 20 hours.
On the other hand, Garmin has not confirmed that it was the victim of a ransomware attack. However, many employees of the company tweeted that the attacker used the WastedLocker strain of ransomware to target the company's internal network and forcibly shut down a majority of its vital services.
Moreover, iThome reported that Garmin's IT staff wrote in an internal memo that its Taiwan factories would remain down for at least two days for maintenance purposes. The memo cited a virus as the reason and noted that Garmin's IT services and databases were attacked. The notice was sent to numerous other departments of Garmin's factories in Taiwan.
Some of the company’s websites and services came back online at around 9:40 p.m. EDT. However, it isn’t clear when all of its functions will resume operations.
The outage nonetheless affected both Garmin's customers and its aviation navigation service. The latter is far more detrimental, as pilots use it to download data to navigation systems as required by the US Federal Aviation Administration.
Talos Intelligence claims that the hacking group Evil Corp is the probable perpetrator of the attack, as it is closely associated with the use of WastedLocker ransomware. The group first compromises corporate networks and, after escalating its privileges, activates the ransomware to demand a ransom payment.