Cyber Attack Hits Garmin - Aeroplanes Grounded!

A report on the cyber attack on Garmin in July 2020 by Awen software developer Seren Corbett:

On Thursday 23rd July, popular smartwatch and fitness tracker app maker Garmin announced they were “experiencing an outage” of many of its fitness tracker products and services as well as their customer services. While other sources claimed that it has also affected their aviation service flyGarmin, and Garmin’s production lines in Taiwan.

The services are now said to be recovering but the outage meant that fitness activities could not be synced, aeroplanes may have had to stay grounded and the Garmin production lines in Taiwan have had to shut down for 2 days over the weekend.

Garmin has stated that no activity data has been lost and no personal data has been stolen.

This 4 day outage has reportedly been caused by “WastedLocker” ransomware, which encrypts files on the affected systems rendering them inaccessible unless the ransom demand (in this case $10m) is fulfilled. “WastedLocker” is a ransomware created by a notorious Russian cyber-criminal group EvilCorp, which has been found responsible for many other high profile cyber attacks, including the Dridex attacks which caused more than $100 million to be stolen from banks across 40 countries. 

This attack has again proven that no company is too large to be unaffected by such a ransomware attack and that they can cause serious consequences for the companies targeted. Like software development, ransomware development is constantly evolving. While it may not be possible to protect the company from all cyber security threats, it is important to have policies in place to minimise the damage. 

Awen helps companies like Garmin, who provide an essential service within the supply chain of our critical infrastructure services such as aviation, to (1) ensure that their cyber security policies and procedures are always improving using our Profile software, and to (2) ensure that they have a full and proper picture of their assets and vulnerabilities in their Operational Technologies using our Dot software.