Smartwatch maker Garmin has suffered a WastedLocker ransomware attack. Garmin apparently obtained decryption key(s) to overcome the attack, and may have hired an intermediary to pay the hacker's ransomware demands.
Garmin has not disclosed whether the smartwatch maker has hired an MSSP (managed security service provider), ransomware negotiator or cybercrime forensics team to assist with the recovery. Here are ongoing updates and details about the attack, and Garmin's business recovery process.
July 23, 2020: A cyberattack impacted Garmin.com, Garmin Connect, call centers, emails and online chats. Source: Garmin Tweet on Twitter, July 23, 2020.
July 23, 2020: Garmin shut down several of its services on July 23 to deal with a ransomware attack that has encrypted its internal network and some production systems. Source: ZDnet, July 23, 2020.
July 24, 2020: The Garmin network outage and cybersecurity incident involved a WasteLocker ransomware attack. Source: Bleeping Computer, July 24, 2020.
July 24, 2020: Hackers are seeking a $10 million extortion payment from Garmin. But it's unclear if or when Garmin will make the payment. Source: Bleeping Computer, July 24, 2020.
July 25, 2020: A Garmin FAQ about the outage says Garmin Connect is still impacted, but there is no indication that the outages has affected customer data, payment and other personal information. Source: Garmin FAQ, July 25, 2020.
July 27, 2020: Garmin issued a statement about the outage. Among the key takeaways:
- The attack occurred and encrypted some systems on July 23, 2020.
- There is no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.
- The functionality of Garmin products was not affected, other than the ability to access online services.
- Affected systems are being restored and the company expects "to return to normal operation over the next few days."
- Garmin does "not expect any material impact to our operations or financial results because of this outage."
July 28: Garmin did not directly make payment to hackers, but the smartwatch maker may have hired a third party to pay hackers for the decryption key(s), according to Sky News. Garmin's systems also seem to be recovering, that report says.