While news has been circulating about an ‘outage’ at Garmin, let’s be clear this was no ordinary outage. Garmin’s data center got hacked, and with it an incredible amount of highly personal data of its many users. In typical Ransomware fashion, the criminals locked up the IT systems at Garmin in return for payment.
Weapon of choice for the attack seems to have been the by now notorious ‘WastedLocker’ Ransomware. As per Symantec “The end goal of these attacks is to cripple the victim’s IT infrastructure by encrypting most of their computers and servers in order to demand a multimillion dollar ransom. […] WastedLocker is a relatively new breed of targeted ransomware. WastedLocker has been attributed to the notorious “Evil Corp” cyber crime outfit. Evil Corp has previously been associated with the Dridex banking Trojan and BitPaymer ransomware, which are believed to have earned their creators tens of millions of dollars. Two Russian men who are alleged to be involved in the group have open indictments against them in the U.S.”
Garmin devices, like other similar smartwatches, track a wealth of personal data including health statistics and location data. It goes without saying that such data is of an extremely sensitive and valuable nature. Garmin’s official statement is that “Although Garmin Connect was not accessible during the outage, activity and health and wellness data collected from Garmin devices during the outage was stored on the device and we anticipate that all data will appear in Garmin Connect once the user syncs their device”.
The outage has now been resolved. The question is how it got resolved as this has not been revealed. A reported 10 Million dollar was being demanded by the cyber crime outfit. Question is if Garmin managed to resolve the issue by itself, or figured it’d be cheaper and faster to just pay up and move on.
Another question is what, if any, the consumer reaction will be to this situation. Smartwatches are slowly but surely taking a central role in many user’s lives. No longer used for simple tracking, the smartwatches can now be used to pay bills, open cars, and of course – store and track a massive range of data points. This all works great, until that data finds its way on the street of course.
More info on Garmin’s site here