Garmin Ransomware Attack Leaves Wearables Locked Out Of Critical Services

Garmin Tactical
Garmin is having itself a no good, terrible day. and it could extend throughout the weekend. The cause of Garmin's woes is a ransomware attack, according to employees who have posted about the matter on social media, and it is affecting several of the company's services for its line of wearable products and aviation dealings.

If you head over to Garmin's website, you will see a message at the top that alludes to the ransomware attack, though the company has not outright confirmed it as such.

"We are currently experiencing an outage that affects and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails, or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience," Garmin states on its website.

Garmin also posted the same message on Twitter and Facebook, but has not followed up with an explanation, as it is currently investigating the matter. However, according to ZDNet, some of Garmin's employees have attributed it to a new ransomware that emerged earlier this year, called WastedLocker, coded by group called Evil Corp (it also goes by Dridex).

Ransomware is a type of malware that locks people out of their systems via encryption, and demands payment—often in Bitcoin, because it's harder to trace the digital coin's tracks—in exchange for a de-encryption key. In some cases, if a user refuses to pay, their data is permanently deleted, which serves as added incentive to fork over funds.

In addition to affecting support services and wearables, pilots have said they are not able to download data to their Garmin navigation systems. The FAA requires that they have the latest data. The Garmin Pilot app used to schedule and plan flights is also apparently down.

Adding to the intrigue, the folks at ITHome got their hands on an internal memo Garmin sent to its factories in Taiwan, which indicate the company is planning two days of maintenance (today and tomorrow). The memo says the company was attacked by a "virus," so it certainly sounds like a ransomware incident.