Some Employees Reportedly Say Ransomware Likely Involved
A message displayed when Garmin’s website was down
Garmin has not yet announced what caused an outage of its Garmin Connect fitness tracking service as well as its website that apparently began on Thursday.
Alex Guirakhoo, threat research team lead at security firm Digital Shadows, tells Information Security Media Group: “Several Garmin employees have shared details on social media attributing the disruption to a ransomware variant dubbed WastedLocker.”
But this attribution cannot be independently confirmed, Guirakhoo says, pointing out that WastedLocker’s operators do not have a public website where they post claims about their attacks.
WastedLocker is a relatively new ransomware strain and has been attributed to Evil Corp, a cybercrime group better known for its use of the Dridex banking Trojan (see: Evil Corp’s ‘WastedLocker’ Campaign Demands Big Ransoms).
Torsten George, cybersecurity evangelist with security firm Centrify, tells ISMG that circumstantial evidence leads him to believe ransomware was involved.
“An outage of that scope wouldn’t last for days if it was not driven by ransomware, which requires the complete recovery of all their data and systems,” George said on Friday afternoon.
Garmin reported via Twitter on Thursday its website and fitness tracking service were unavailable. As of Friday afternoon, the company’s website was accessible, but it displayed this message: “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”
A company spokesperson could not be immediately reached for comment on the outage.
Chris Clements, vice president of solutions architecture at the security firm Cerberus Sentinel, says the Garmin incident offers a reminder that companies need to be prepared for outages.
“The security incident at Garmin highlights the need for organizations to implement a well thought out and formalized incident response plan with a preselected response team for key tasks like recovery, root cause analysis and public communications,” Clements says.
Because Garmin has released only a limited amount of information about the outage, it is leaving the door open for employees to take to social media and post updates that may be inaccurate.
“In a carefully coordinated incident response action, instructions would be sent out to all employees to refrain from communicating information that may be incomplete or inaccurate,” Clement says. “The IR team members most involved with the situation should communicate through a company spokesperson to ensure that information about the incident is complete and accurate.”