Ransomware a-holes apparently take down Garmin

Surprised there wasn’t already a thread for this. For the last couple of days (since Thursday) my fitness watch (an old vivoactive HR) hasn’t been able to connect to the Garmin Connect app on my phone, and it appears to be due to a ransomware attack:

I’ve read in other stories that not only fitness apps and such have been affected but FAA-required GPS units in some planes as well?

I’ve been following this closely. I have a Garmin Vivoactive 3 smartwatch. One thing I’m intensely happy about right now is that I picked this watch because it was more of a watch with smarts, so this outage has been pretty invisible to me. I only noticed because I wanted to see how well I slept the other night and sleep stats weren’t available (I think they use the cloud for analysis of night time movement patterns). Other than that everything else has been working just fine, at least in how I use it.

I can still track my workouts, I just can’t post them online lol.

I’m sure Garmin has backups, but this seems extremely targeted so I can’t imagine the difficulty of isolating it and bringing things back on without a reinfection.

I don’t suppose you can upload other files from your watch directly to Strava besides the .fit exercise activity files, right? I can’t see sleep, or estimated calories consumed daily etc. till this outage goes away if ever. Even the activity files don’t show heart rate data.

I honestly don’t know. I’ve read online that you can grab some data off the watch by connecting it to the computer, but some watches make that easier or harder. I haven’t looked into the details cause I don’t do that stuff even when the cloud is online :P

It seems as though they do have backups, but the restore and testing is going to take all weekend.

Confirmation of what was already an open secret:

Hard to believe that Garmin developed a system that has no worst-case scenario options for this. Shouldn’t they at least be able to wipe their systems to zero then restore them with a known-good backup?

I think you are underestimating how long it would take to shut down and wipe every single server and computer system every employee uses across all their networks, and to make sure which backups are safe from the ransomware and which ones aren’t.

If they bring one backup or computer online prematurely without isolating it in the network it could re-infect everything and bring things back down again.

It’s annoying since I can’t do any of my weekly tracking in the app, since I can’t even load my local copy. It crashes after it leaves the loading screen.

Like I said, worst-case scenario. Right now their products don’t work. So either they pay these hackers $10 million to maybe get them working again, for now, or they wipe everything. I mean they’re going to have to do it anyway or these guys are going to shut them down again eventually.

What … guarantee in these situations that they give 10 million and then, a week later, they have to give another 10 million?

I’m not sure what the corporate view about giving in to ransomware attacks is.

According to this page:

  • Nearly 40 percent of victims paid the ransom.
  • 96 percent of organizations that paid the ransom received a decryption tool from the hackers.

Essentially the likelihood is high because they all know if they get a reputation of taking the money and running then that 40% that pay the ransom goes down to zero.

According to the status page services are starting to come back online. Doing a sync just now pushed my activities up, though the syncing was slow.

Good to hear, thanks for the update. While it sucked for us normal people, I wonder how much this is going to cost them on the aviation side of things? They can’t afford down time I am sure.

I heard on some podcast years ago an expert was saying these companies don’t invest enough in security of their networks. Just enough to get by. If that was the case here, I am hoping they learned their lesson.

Sounds like it was Russians and Garmin paid them, but Garmin can’t admit to paying them because they will get in trouble with the US government.

I can’t see how they got funds to Evil Corp without any Western bank noticing, and no Western bank will facilitate that payment. Perhaps one of Garmin’s Russian subsidiaries has accounts at a Russian bank.

Now OFAC know they will be knocking on Garmin’s bank’s door for more info. I expect we’ll see some kind of settlement with the US Treasury a few years down the line, adding to Garmin’s costs.

Got a message from an Amazon delivery person that they couldn’t locate my apartment building and asked for directions. It struck me as absolutely bizarre as they’ve been delivering boxes for years, but then I remembered this thread. sigh

Anyone else able to upload workouts? I can’t. Everything appears to be up, but some services are limited. My uploads are failing.

Edit: took a few tries, but finally got it to go through.

Why would Garmin get in trouble from the US Gov? Is paying ransoms illegal in some way?

Potentially yes. I don’t know the exact provisions, but financing criminal activities through such payments could be illegal.

But, I am not a lawyer or anything. I just know that the US actually has some of the more restrictive rules regarding such payments.