By Clare O’Gara
Tue | Jul 28, 2020 | 11:49 AM PDT

SecureWorld has some updates about Garmin's recent cyberattack.

First: The incident was a ransomware attack.

Second: Garmin seems to have an allergy to the word "ransomware."

Did Garmin pay a ransom?

Good news for Garmin users: devices are getting their functionality back, and hopefully, your data was not taken during the attack.

In a recent statement, the wearable company attempted to reassure customers:

"We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed."

While this part of the announcement was clear, Garmin has been less concrete about what exactly happened.

The company still refuses to say, or type, the word "ransomware." This is how it phrased the incident in the announcement:

"Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020."

Encrypted, as in... ransomware.

Data and screenshots reveal that ransomware strain WastedLocker is behind the attack.

Without more information from Garmin, the exact ransomware price tag is unknown. But Ars Technica revealed some possibilities:

"Once WastedLocker has taken hold in a network, demands typically range from $500,000 to $10 million. The ransomware name is derived from the extension 'wasted' that's appended to encrypted filenames, which includes an abbreviation of the victim’s name.

Garmin's notice on Monday didn't use the words ransomware or WastedLocker. The description 'cyber attack that encrypted some of our systems,' however, all but definitively confirmed that ransomware of one sort or another was the cause."

Garmin's cyberattack leaves plenty of questions.

Did the company restore from backups? Did it pay the ransom? Did it hire a ransomware recovery firm to act as a middleman, or did its insurance policy perhaps pay a ransom?

The ultimate answer: we don't know. And Garmin is not too eager to share. 

What has Garmin's ransomware investigation uncovered so far?

Luckily, Garmin has confirmed that customer data remained secure during its ransomware attack. What was affected?

In its statement, Garmin said that the incident impacted these four areas of the company. 

  1. Website functions
  2. Customer support
  3. Customer-facing applications
  4. Company communications

Garmin says although services are coming back online, a backlog of data processing could mean it takes time for things to become fully synced and functional again.
