Garmin under Attack: has ransomware taken everything offline?
Since last Thursday, the Garmin Connect app has been reporting that servers are «down for maintenance». Workouts aren't synchronized from your clock to the app or only at irregular intervals, Garmin's B2B flight navigation systems are now functional again, and navigation devices seemingly ran smoothly on Monday morning. What looks like standard server maintenance is supposedly due to a cyber attack – if insider comments on social media can be believed.
And herein lies the problem: Garmin has made the mistake that many companies make. They communicated very poorly. The public still doesn't know why servers are offline even after four days, at least not from official sources . On Sunday, Garmin only published an FAQ on the topic. The statements:
- Data will remain stored on watches and trackers.
- The emergency call system Garmin inReach SOS wasn't affected by the attack
- Garmin is working on restoring the system. The status of the system can be checked on this website.
- Personal data wasn't affected.
The attack as it happened
What exactly is going on in Garmin's house isn't known. Aside from «Maintenance». The online tech magazine ZDNet reports that Garmin employees have been speaking of a ransomware attack on social media. There's talk of a software called WastedLocker, run by a group called Evil Corp. Both the cyber attack and WastedLocker are officially unconfirmed. WastedLocker is ransomware, encrypting data on the system and only decrypting it after a ransom is paid.
The Taiwanese Tech Site ITHome has leaked an internal memo in which Garmin shut down the production lines for two days.
The attack in detail
Since Thursday, you can't transfer workouts from your watch to a smartphone. This shows that Garmin Smartwatches and Fitness Trackers won't work without connections to the server. This in turn means that Garmin Connect only uses data from a web end and displays it.
Furthermore, the app is essentially a middleman between the clock and the web end, not interpreting data itself. It simply tells the watch that data should be sent to the network via a phone. This makes Garmin's server infrastructure much more than just a data storage device. The cloud calculates and interprets the data your trackers record. This, although a smartphone would be more than capable of doing this. On the other hand, the already quite large 189.5 MB Garmin Connect App would become much bigger and more complex.
Furthermore, if you want to believe Garmin, the workouts you're currently tracking are stored on your tracker. Raw data obviously isn't large enough to fill the data memory of a tracker. At least not in the time Garmin expects to fend off the attack.
The right reaction
To silence a cyber attack that affects millions of customers and an entire company won't work. Someone in the company is always talking, and public interest in the security of their own data entrusted to the company is great. Garmin's response to the unexpected «Server Maintenance» is a lesson in how not to handle it.
A social media team and a corporate communications department must communicate openly and preventively in such a case. Yeah, there was an attack. Yeah, that's not good. Yeah, we've got problems. Yeah, we're working on it. Even if the attack can be fended off, be it by paying the ransom or by removing the ransomware, your reputation remains shattered. But this way you'll be seen as courageous and open. All a company needs is courage and openness.
Senior Editor, Zurich