Garmin’s services, websites and customer service have all been down since Wednesday night.
Garmin, maker of fitness trackers, smartwatches and GPS-related products, has reportedly suffered a widespread ransomware attack, though the facts around the cause remain unconfirmed for now.
The manufacturer tweeted on Thursday that its Garmin Connect service is down; Garmin Connect is a free app for tracking, analyzing and sharing health and fitness activities from a Garmin device.
“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time,” it acknowledged.
But, it also added, “This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
Meanwhile, a local media outlet in Taiwan, where Garmin is based, reported that the outage will soon extend to production lines too: “The production line will be suspended for two days [July 24 and 25]. At the same time, the official website also announced that the company, including the customer service system, map software updates, and application updates, has suspended related services due to system maintenance.”
The tweets and reporting confirm what users have been reporting since the service went down Wednesday night Eastern Time. As the outage has dragged on, users have become aware of how much their personal devices interact with the electronics giant’s infrastructure.
“It’s made me realise [sic] how crazy-reliant my Garmin watch is on their infrastructure,” said a poster on a Hacker News forum. “I went onto the app this morning to try and alter a watch face I already have downloaded, which should totally be configurable through just the mobile app alone. Why the hell does it need to talk to Garmin’s servers to let me do this? It should just be possible through the app alone, without needing any involvement from Garmin’s servers.”
Another pointed out the potential danger to personal data: “I am concerned a little for the location of my home now being in the hands of the wrong people.”
The situation has caused widespread speculation that the sheer reach of the outage into Garmin’s infrastructure indicates a ransomware attack; and one outlet said that Garmin employees have confirmed that the WastedLocker ransomware is to blame. That has not been independently confirmed, however.
“Wow! This is a doozy,” Saryu Nayyar, CEO at Gurucul, said in an email. “A likely ransomware attack taking down pretty much everything Garmin – website, call center, email, chat, production systems and data-syncing service. You just don’t know when the bad guys are going to attack and who will be their next victim. However, what we do know is every organization is susceptible to ransomware attacks.”
She added, “Hopefully, Garmin has a daily backup regimen for the company’s systems and data – that’s table stakes.”
Evil Corp’s previous schemes involved capturing banking credentials with Dridex and then making unauthorized electronic funds transfers from unknowing victims’ bank accounts. Money mules would then receive these stolen funds into their bank accounts, and transport the funds overseas. Multiple companies were targeted by Dridex, costing them millions of dollars; victims included two banks, a school district, a petroleum business, a building materials supply company and others.
In December, the Feds started cracking down on the group: U.S. authorities offered up $5 million for information leading to the arrest of Evil Corp. leader Maksim V. Yakubets, 32, of Russia, who goes under the moniker “aqua.” Separately, the U.S. Treasury Department in January issued sanctions against Evil Corp, “as part of a sweeping action against one of the world’s most prolific cybercriminal organizations.”
This is a developing story and Threatpost will update the reporting as it evolves.
Wednesday, August 05, 2020