Application Security , Business Continuity Management / Disaster Recovery , Cybercrime

Garmin Tight-Lipped About Cause of Outage

Some Employees Reportedly Say Ransomware Likely Involved
Garmin Tight-Lipped About Cause of Outage
A message displayed when Garmin's website was down

Garmin has not yet announced what caused an outage of its Garmin Connect fitness tracking service as well as its website that apparently began on Thursday.

See Also: Live Webinar | Adversary Analysis of Ransomware Trends

Alex Guirakhoo, threat research team lead at security firm Digital Shadows, tells Information Security Media Group: "Several Garmin employees have shared details on social media attributing the disruption to a ransomware variant dubbed WastedLocker."

But this attribution cannot be independently confirmed, Guirakhoo says, pointing out that WastedLocker's operators do not have a public website where they post claims about their attacks.

WastedLocker is a relatively new ransomware strain and has been attributed to Evil Corp, a cybercrime group better known for its use of the Dridex banking Trojan (see: Evil Corp's 'WastedLocker' Campaign Demands Big Ransoms).

Torsten George, cybersecurity evangelist with security firm Centrify, tells ISMG that circumstantial evidence leads him to believe ransomware was involved.

“An outage of that scope wouldn’t last for days if it was not driven by ransomware, which requires the complete recovery of all their data and systems,” George said on Friday afternoon.

Garmin reported via Twitter on Thursday its website and fitness tracking service were unavailable. As of Friday afternoon, the company's website was accessible, but it displayed this message: "We are currently experiencing an outage that affects and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."

A company spokesperson could not be immediately reached for comment on the outage.

Be Prepared

Chris Clements, vice president of solutions architecture at the security firm Cerberus Sentinel, says the Garmin incident offers a reminder that companies need to be prepared for outages.

"The security incident at Garmin highlights the need for organizations to implement a well thought out and formalized incident response plan with a preselected response team for key tasks like recovery, root cause analysis and public communications," Clements says.

Because Garmin has released only a limited amount of information about the outage, it is leaving the door open for employees to take to social media and post updates that may be inaccurate.

"In a carefully coordinated incident response action, instructions would be sent out to all employees to refrain from communicating information that may be incomplete or inaccurate,” Clement says. “The IR team members most involved with the situation should communicate through a company spokesperson to ensure that information about the incident is complete and accurate.”

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.