Garmin has all but confirmed the company was the victim of a ransomware attack, but says no customer data appears to have been stolen.
In a Monday statement, Garmin described last week’s incident as a “cyber attack” that encrypted some of its systems—the hallmark of a ransomware attack. “As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications,” the company said.
Evidence is emerging the attack involved a ransomware strain known as WastedLocker, which security researchers suspect comes from a Russian hacking group known as Evil Corp. In December 2019, the US government imposed sanctions on 17 individuals tied to the group.
According to BleepingComputer, the culprits behind the Garmin attack have been demanding the company fork over $10 million to free the encrypted computers. But whether Garmin agreed to pay up is unclear. The company declined to offer any further comment.
If Garmin did pay the hackers, then it’s possible the company violated the earlier US sanctions against Evil Corp, which federal investigations claim is being run by a 32-year-old Russian named Maksim Yakubets.
For now, Garmin is only saying: “We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost, or stolen.” The company is also gradually restoring the affected systems, and expects them to return to normal within a few days.
A status page for the company’s services now shows Garmin Dive, Garmin Golf, and LiveTrack are all back up. However, access to Garmin Connect, the company’s database for wearable devices, remains spotty. “As our affected systems are restored, we expect some delays as the backlog of information is being processed,” the company added.
