Garmin Global Outage Reportedly Caused By Ransomware Attack
TechCrunch reported that an ongoing global outage “at sport and fitness tech giant Garmin was caused by a ransomware attack, according to two sources with direct knowledge of the incident.”
The incident “began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices. The attack also took down flyGarmin, its aviation navigation and route-planning service,” wrote TechCrunch.
The report stated that “Garmin has said little about the incident so far. A banner on its website reads: ‘We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.’”
The two direct sources “told TechCrunch that Garmin was trying to bring its network back online after the ransomware attack. One of the sources confirmed that the WastedLocker ransomware was to blame for the outage,” the report continued. “One other news outlet appeared to confirm that the outage was caused by WastedLocker.”
WastedLocker is “a new kind of ransomware, detailed by security researchers at Malwarebytes in May, operated by a hacker group known as Evil Corp,” TechCrunch wrote. “Like other file-encrypting malware, WastedLocker infects computers, and locks the user’s files in exchange for a ransom, typically demanded in cryptocurrency.”
Evil Corp has a “long history of malware and ransomware attacks,” the report stated. “The group, allegedly led by a Russian national Maksim Yakubets, is known to have used Dridex, a powerful password-stealing malware that was used to steal more than $100 million from hundreds of banks over the past decade. Later, Dridex was also used as a way to deliver ransomware.”
“WastedLocker has been attributed by some security companies to Evil Corp, and the known members of Evil Corp — which purportedly has loose connections to the Russian government — have been sanctioned by the U.S. Treasury,” said Brett Callow, a threat analyst and ransomware expert at security firm Emsisoft.
“As a result of those sanctions, U.S persons are generally prohibited from transacting with those known members. This would seem to create a legal minefield for any company which may be considering paying a WastedLocker ransom,” he concluded.