Popular smartwatch maker Garmin has reportedly suffered a massive ransomware attack that has shut down all of its servers, affected its call centres and website, and left the company unable to receive any calls, emails, or online chats.
The company, that offers GPS-based activity trackers, smartwatches, and navigation kits for automotive, aviation, marine, outdoor, and sports industries, announced the ongoing outage affecting Garmin.com and Garmin Connect on its digital platforms but stopped short of detailing the precise reason behind the outage.
“We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience,” the company said.
According to news reports, the ongoing outage occurred due to a massive ransomware attack that took Garmin’s website, mobile apps, and customer service call centres offline on Thursday. The shutdown of the Garmin Connect service has affected users of Garmin’s products the most as they have been rendered unable to sync their recent activities or track their daily performance.
The ongoing outage has also affected Garmin’s aviation database services as well as flyGarmin, a critical service that supports the company’s aviation navigational equipment. According to ZDNet, many pilots have been unable to run an up-to-date version of Garmin’s aviation database on their Garmin airplane navigational systems and haven’t been able to use the Garmin Pilot app to schedule and plan flights as well.
Garmin may have been the victim of a post-intrusion ransomware attack
Commenting on news reports on Garmin suffering a crippling ransomware attack, Don Smith, Senior Director of Secureworks Counter Threat Unit (CTU), told TEISS that if Garmin has been the subject of a post-intrusion ransomware attack then they are not alone. They will be one of many who have fallen prey to such cybercriminals.
According to Smith, post-intrusion ransomware attacks have increased by 100% year-on-year over the last two years as post intrusion ransomware is a highly profitable and effective way to extort money from large enterprises. Given a network intrusion, the “return on investment” of post-intrusion ransomware makes it a compelling route to monetisation for cyber criminals.
Faiz Shuja, Co-Founder & CEO of SIRP Labs, says that the attack on Garmin is the latest in a series cyber attacks where threat actors are embedding ever greater levels of sophistication into their ransomware.
“Their aim is to exploit vulnerabilities left by organisations who had precious little time to complete security checks when they transitioned to remote working at the start of the pandemic. While they may trigger alerts, our latest research shows a quarter turn out to be false-positive and are easily missed.
“Faced with this, security teams need the capacity to tell the organisation’s risk profile at a glance to place threat alerts into context. This involves proactive monitoring of global threat intelligence and correlating it with the organisation’s landscape. This puts them in the best possible to make informed decisions about protection and incident response priorities,” he adds.