Garmin is now recovering from a total system outage caused by the WastedLocker ransomware several days ago. The criminal group behind the ransomware brought about a worldwide outage of the company's services.
Garmin Is Now Recovering From The WastedLocker Ransomware: Returns To Normal Operations
Garmin is recovering from a ransomware outbreak that took down the services it offers to its customers. The worldwide outage lasted for five days, during which the company was unable to recover. The security incident occurred on July 23, 2020. Following the incident, an announcement was posted on the Garmin site.
The outbreak was likely caused by a payload dropper: a small file which, when run, downloads and runs a script that retrieves the main ransomware engine. This starts the infection sequence, which activates all of the built-in modules. In the end the file encryption step runs, rendering all target data inaccessible. The files are encrypted with a strong cipher and renamed with the .garminwasted extension.
Once the hackers had penetrated the systems, the online services offered by the company were interrupted. The affected core functionality includes the following:
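As an added example (not from the article or from Garmin), the sketch below shows how a defender could flag a host where one process renames several files to the .garminwasted extension within a short window. The pipe-delimited event format, host names, process names, threshold and window are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".garminwasted"  # extension named in the article

# Constructed sample events: timestamp|host|process|old path|new path
SAMPLE_EVENTS = r"""
2020-07-23T02:14:01|ws-014|proc_a.exe|C:\Data\q2.xlsx|C:\Data\q2.xlsx.garminwasted
2020-07-23T02:14:03|ws-014|proc_a.exe|C:\Data\plan.docx|C:\Data\plan.docx.garminwasted
2020-07-23T02:14:04|ws-014|winword.exe|C:\Data\~tmp1.tmp|C:\Data\notes.docx
2020-07-23T02:14:06|ws-014|proc_a.exe|C:\Data\map.img|C:\Data\map.img.GARMINWASTED
2020-07-23T02:14:09|ws-014|proc_a.exe|C:\Data\db.bak|C:\Data\db.bak.garminwasted
2020-07-23T09:30:00|ws-020|explorer.exe|C:\IR\sample.bin|C:\IR\sample.bin.garminwasted
"""

def parse_events(text):
    """Yield (timestamp, host, process, old_path, new_path) per event line."""
    for line in text.strip().splitlines():
        ts, host, proc, old, new = line.split("|")
        yield datetime.fromisoformat(ts), host, proc, old, new

def find_rename_bursts(events, threshold=3, window=timedelta(seconds=60)):
    """Return {(host, process): [original paths]} for every source that
    renamed at least `threshold` files to EXT inside one sliding `window`."""
    hits = defaultdict(list)
    for ts, host, proc, old, new in events:
        if new.lower().endswith(EXT):  # case-insensitive extension match
            hits[(host, proc)].append((ts, old))
    alerts = {}
    for key, items in hits.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans <= `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                # Report every file this source renamed, for scoping.
                alerts[key] = [old for _, old in items]
                break
    return alerts

if __name__ == "__main__":
    for (host, proc), files in find_rename_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"ALERT {host} {proc}: {len(files)} files renamed to {EXT}")
```

The single rename on the second host stays below the threshold, which keeps an analyst handling one sample from raising the same alert as a mass-encryption run.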
- Website Access
- Customer Support
- Customer Applications
- Company Communications
In effect, all of the important services that customers use with the company's products, or reach through its software services, were unavailable. When Garmin staff started to investigate the matter, it became known that there is no indication that customer data was accessed, lost or stolen. Preloaded Garmin software, maps and data were not impacted; however, users who wanted to access the Garmin online services were not able to open them. The company has started to restore its servers and impacted machines. As usual in such attacks, the hackers blackmail the victims for a ransom payment in cryptocurrency assets.
It is not known whether Garmin paid the hackers the requested cryptocurrency payment or obtained the decryption key from another source. Yesterday the company started to recover the Garmin Connect service, which has returned with limited functionality.