Garmin acknowledges cyberattack, doesn’t mention ransomware

Business

FILE – In this Jan. 7, 2015 file photo, Garmin’s Vivofit 2 fitness tracker is on display at the Garmin booth at the International CES, in Las Vegas. GPS device-maker Garmin’s online fitness tracking service has gone down, leaving runners and cyclists struggling to upload data from their latest workouts. Garmin Connect, an app and website that works with the company’s popular line of fitness watches, remained out of service on Friday, July 24, 2020. (AP Photo/Jae C. Hong, File)

BOSTON (AP) — The GPS device maker Garmin Ltd. acknowledged Monday being victimized by a cyberattack last week that encrypted some of its systems, knocking its fitness tracking and pilot navigation services offline. It said systems would be fully restored in the next few days.

In an online statement, the company did not specify that it was the target of a ransomware attack, in which hackers infiltrate a company’s network and use encryption to scramble data until payment is received. But a person familiar with the incident response told The Associated Press the attackers had turned over decryption keys that would allow Garmin to unlock the data scrambled in the attack. The person spoke on condition they not be further identified.

The attack crippled company servicesincluding Garmin Connect, which is popular with runners and cyclists for tracking workouts, and the FlyGarmin navigation service for pilots. A Garmin spokesperson said the company had no comment beyond its statement.

The online cybersecurity news site BleepingComputer identifiedthe malware as WastedLocker, which various security firms have attributed to the Russian cybercriminal gang Evil Corp. The U.S. government announced in December that it was freezing the assetsof members of the group.

Olathe, Kansas-based Garmin said Monday that, in addition to GPS-based services, customer support and company communications were also interrupted by the July 23 attack.

“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,” Garmin said in its statement. The attack also didn’t affect the functionality of any of its products, which include fitness watches, it added.

Ransomware is a growing threat and experts say it will only get worse if victims keep paying ransoms. In the U.S. last year, ransomware attacks on state and local governments, healthcare providers and educational institutions alone caused an estimated $7.5 billion in damage, according to the cybersecurity firm Emsisoft.

Copyright 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

News Highlights

More News Highlights

Don't Miss

Event Calendar