Garmin is back online after a ransomware attack

Hard days for Garmin are passed away. Early on July 23 morning the fitness tracking company Garmin was hit with a ransomware attack that shut down the company’s website, phone or chat support, prevented emails and stopped activity uploads. 

This issue continued for four days. On last Tuesday, Garmin said the issue has been resolved. The company’s website and Garmin connect service are back online and activities are beginning to sync. 

This news gave some comfort to the millions of Garmin users worldwide who were unable to get any analytics for their runs and rides. Garmin also said that it may take some days for normal operation to resume. 

The attack affected not just activity tracking but also other services of the company such as flyGarmin and Garmin Pilot Apps, which is used for flight plan filling. 

Garmin’s communication during this hard time has been fairly non transparent, the company referred to the issue in external communications only as an outage or maintenance. However, according to some anonymous sources within the company revealed to tech websites that the company was the victim of a ransomware attack. The attack was executed with a ransomware software called “WastedLocker”. The Software is developed by the Russian Evil Corp criminal hack group. The price for the ransom was reported to be US $10 million. 

After four days from the attack, Garmin released its first formal statement stating it was the victim of a cyber attack:

It would be illegal for Garmin to have paid them the ransom because Evil Corp( the source of the hack) was sanctioned by the US Treasury in December. 

However, a news report reported that Garmin “obtained the decryption key to recover its computer files”. 

Sources also claim that the company didn’t make a direct payment to the hackers. Meanwhile, Forbes thinks that the payment of the ransom could be written off by Garmin as a tax deductible business expense.