
Garmin's website has been down for three days



The splash page is up but there's been a banner about an "outage" which they claim affects the call center's ability to take telephone calls?

Before that, when I tried to register my InReach, the website/database interface threw errors for 2-3 days.

 

This does not inspire trust and confidence in Garmin's ability to show tracking points from the InReach, route messages to contacts whose information is stored in the customer database or route emergency messages to GEOS. Fortunately I never got far enough in their registration processes to give them a credit card number, but seriously? WTF?

35 minutes ago, Alan H said:

The splash page is up but there's been a banner about an "outage" which they claim affects the call center's ability to take telephone calls?

Before that, when I tried to register my InReach, the website/database interface threw errors for 2-3 days.

 

This does not inspire trust and confidence in Garmin's ability to show tracking points from the InReach, route messages to contacts whose information is stored in the customer database or route emergency messages to GEOS. Fortunately I never got far enough in their registration processes to give them a credit card number, but seriously? WTF?

I noticed it when I tried to download an activity from my Quantix5 watch to Connect. One non-Garmin website speculated that Garmin was hit with ransomware.

16 minutes ago, Great White said:

I noticed it when I tried to download an activity from my Quantix5 watch to Connect. One non-Garmin website speculated that Garmin was hit with ransomware.

Jesus

 

In all seriousness though, that's why I'm skeptical of the private sector, or any third parties at all in the chain in rescue systems.

 

"Help! I fell overboard and am drowning!"

"I'm sorry, your RescueSYS20 requires a software update"

"There are sharks! Drowning!"

"Your payment method on file has expired, please update by entering a new card number."

"They're CIRCLING ME IN THE WATER HERE!"

"Thank you for calling Garmin, recently acquired by Amazon. DUE to the Covid-19 health crisis, you may experience longer wait times than normal. For an expedited hold time experience, consider upgrading to platinum."


But.....they can't take TELEPHONE CALLS?

I suppose if all their phones are VoIP, then maybe. But you know...cell phones? Landlines?  Maybe have a backup website on another server, and just change over the DNS entries?

They can't get E-MAIL?


No word still.

Question is if you pay ransom to a ‘sanctioned’ outfit then you’re in trouble with the US DoJ?   How do you get out of that?  Deny paying and declaring your cloud backups were ‘finally’ booted up?


There is no incentive for the ransomer to ever give up the encryption keys after receiving the ransom.

The answer(s) here are: Disaster Recovery and Yeah We Are Going To Have To Update The DR Plan Because This One Was Shit.

12 hours ago, Great White said:

Garmin Connect is still down. I can't login, sync or pair my watch. Their site still says it is down.

I'd be counting myself pretty fortunate if this was your most pressing concern in the current climate.

6 hours ago, apophenia said:

There is no incentive for the ransomer to ever give up the encryption keys after receiving the ransom.

The answer(s) here are: Disaster Recovery and Yeah We Are Going To Have To Update The DR Plan Because This One Was Shit.

It depends on the ransomer business model. If this is one and done then no incentive.

More likely they have an ongoing business plan that shows improved returns if they maintain credibility by delivering the encryption keys after payment received.

It may not be a legal business plan but it likely is a profit maximizing one...

13 minutes ago, KC375 said:

It depends on the ransomer business model. If this is one and done then no incentive.

More likely they have an ongoing business plan that shows improved returns if they maintain credibility by delivering the encryption keys after payment received.

It may not be a legal business plan but it likely is a profit maximizing one...

My mother got a ransomware attack once. They said her computer was vulnerable to hackers, they encrypted it for her, and please send $100 for the password. I restored it from backups I had made. You know some people were like thanks, here's $100 :rolleyes:


And I *just*  ...like five days ago, sold my SPOT on CL. grrr.

 

And in other news I changed the batteries in my Garmin GPS 12, from what....like...2004, and it worked. It pulled down four satellites in about ten minutes and gave me an accurate position.

 

Customer data not affected. Yeah. Uh-Huh.  I feel so much better, now.


“In a photo of a Garmin computer with encrypted files shared with BleepingComputer, you can see that the .garminwasted extension was appended to the file's name, and ransom notes were also created for each file.”

-Bleeping Computer

 

 

23 hours ago, Great White said:

Garmin Connect is still down. I can't login, sync or pair my watch. Their site still says it is down.

 

11 hours ago, Gorn FRANTIC!! said:

I'd be counting myself pretty fortunate if this was your most pressing concern in the current climate.

You are right, it is not a life altering issue. What I miss the most is the phone call, email, message and other notifications from my phone. The watch still works stand alone. Just another first world problem!

11 minutes ago, Great White said:

 

You are right, it is not a life altering issue. What I miss the most is the phone call, email, message and other notifications from my phone. The watch still works stand alone. Just another first world problem!

First world problem of course.  
 

However,  conversation floating around pointing out that 50% of companies attacked/shut down like Garmin go belly up within three years after ransomware attack.  
 

Evil Corp go deep end and shut internet providers down?   Not a pleasant thought.

 


I've had a Garmin Explorer+ for two years for the global SOS capability, plus the ability to send Iridium messages and live tracking globally.  This shutdown involves messaging, subscription problems and web services.  Since I subscribed the SOS function has been 100% operational for years, messaging worked  but sometimes  those features have been down for a day or two now and then, this outage is big but I'm sure will be fixed soon.  

I am concerned in that I paid $500USD for the device & $30USD/month for essentially unlimited location pings and messaging which usually worked well.  I just checked and the SOS test message went through within seconds but an email to me was not received, my webpage and shared webpage is inaccessible, so things are majorly fucked up until they fix it.

Last year the ability to forward location to your personal FaceBook page with a link to your location map went down and Garmin drug their feet for 6 months before saying it's a FaceBook problem, not us, forgettabout it. Too bad, I bought the thing so I could easily keep my friends updated on FaceBook and they advertised the feature for months after it became unavailable. Bad on them.

They better fix these problems fast or I'll have to ditch the device as unsupported, in spite of my $30 subscription fee.  Sad.


Tonight, Garmin Connect came to life again. The status website says "Limited", but I was able to login, pair my watch and sync my last activities. Everything seems to be there. Still getting maintenance messages.


I got e-mail from them early this AM. Website seems mostly up. I take their claim that Garmin Pay is unaffected with a grain of salt. I've changed the usual passwords and PINs. I'll be at the bank today, I'll be changing that PIN as well.

On 7/25/2020 at 3:34 PM, DRIFTW00D said:

Germans sites up now... Did they pay the ransom?

if there's a company with IT capabilities that can't recover their shit after an attack like this,  you really don't want to do business with... 

and all y'all that open iffy attachments with a company computer get all you deserve...


Word is yes a ransomware attack rumoured that Garmin paid 10 Million and received decryption codes

from Stuff NZ

Garmin acknowledges cyberattack, doesn't mention ransomware

FRANK BAJAK, 09:23, Jul 28 2020


The GPS device maker Garmin Ltd acknowledged being victimised by a cyberattack last week that encrypted some of its systems, knocking its fitness tracking and pilot navigation services offline. It said systems would be fully restored in the next few days.

In an online statement, the company did not specify that it was the target of a ransomware attack, in which hackers infiltrate a company's network and use encryption to scramble data until payment is received. But a person familiar with the incident response told The Associated Press the attackers had turned over decryption keys that would allow Garmin to unlock the data scrambled in the attack. The person spoke on condition they not be further identified.

The attack crippled company services including Garmin Connect, which is popular with runners and cyclists for tracking workouts, and the FlyGarmin navigation service for pilots. A Garmin spokesperson said the company had no comment beyond its statement.


The online cybersecurity news site BleepingComputer identified the malware as WastedLocker, which various security firms have attributed to the Russian cybercriminal gang Evil Corp. The US government announced in December that it was freezing the assets of members of the group.


Olathe, Kansas-based Garmin said Monday that, in addition to GPS-based services, customer support and company communications were also interrupted by the July 23 attack.

“We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen,” Garmin said in its statement. The attack also didn't affect the functionality of any of its products, which include fitness watches, it added.


It's important to know if Garmin paid the ransom, and whether they just "unlocked" things and went back to business as usual.

If Garmin paid the ransom, that's concerning, unless an unfortunate group of hackers is found in ~6 months, diced into small pieces with the telltale gnawings of a bone saw.

If they paid the ransom and went back to business as usual, then prudence requires that we assume that Garmin's network products are compromised and all future firmware updates are compromised. I'm not even worried about data loss at this point, though that is obviously a concern. I'm more worried about hackers making tiny tweaks to firmware to do their bidding. I can't see myself ever buying a Garmin product or upgrade again.

The only valid solutions are to go back to a safe old backup, or build the system back from known good sources and trusted vendor binaries.

23 hours ago, blunderfull said:

IF Garmin is just decrypting their files and returning to business as usual, that is very bad. The attackers could easily have slipped more malware into Garmin's systems. This could range from subtle firmware tweaks that will go unnoticed for years to outages-on-demand for the networked products. I wouldn't want to be sailing along in the SF Bay when my AIS decides that my boat actually identifies as a PLAN Ballistic Missile Sub.

If Garmin paid the ransom in order to track down the thieves then I hope the thieves have a contingency plan for bone saws.

6 hours ago, apophenia said:

 

If Garmin paid the ransom in order to track down the thieves then I hope the thieves have a contingency plan for bone saws.

But if they paid in Bitcoin how can you track that?

I’m new to this.  In the movies you took the ransom and stashed it in multiple numbered accounts and let it sit for a couple years.   Couldn’t you do same with Bitcoin?

2 hours ago, blunderfull said:

But if they paid in Bitcoin how can you track that?

I’m new to this.  In the movies you took the ransom and stashed it in multiple numbered accounts and let it sit for a couple years.   Couldn’t you do same with Bitcoin?

The thing about Bitcoin, and cryptocurrency generally, is that it is not anonymous. Much like this place, it's pseudonymous. You have an identity here, but it's your responsibility to keep it disconnected from your real world identity.

If you pay someone in BTC, you make a transaction to their bitcoin address. If they want to move the money, they need to make a transaction to a new address. Each new address is an opportunity to slip up and connect with a real world identity.

Moving stolen funds into a numbered account is extremely foolish - you've just connected your pot of gold with a crime via a public ledger. In order to obtain your funds, you need to find some way to launder your BTC that breaks all connections between the transaction and you.

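The public-ledger point in the post above, as an added example that is not part of the original post: a forward trace over a simplified, constructed ledger, showing how funds leaving a ransom address stay linkable hop by hop until they reach an address whose owner is already known. The address names, transactions and the `KNOWN_OWNERS` table are all made up for illustration, and the model ignores amounts and real Bitcoin transaction structure.

```python
from collections import deque

# Constructed sample ledger (not real transactions): each entry is
# (txid, sending addresses, {receiving address: amount in BTC}).
LEDGER = [
    ("tx1", ["victim"], {"ransom_addr": 10.0}),
    ("tx2", ["ransom_addr"], {"hop_a": 6.0, "hop_b": 4.0}),
    ("tx3", ["hop_a"], {"hop_c": 6.0}),
    ("tx4", ["unrelated"], {"shop": 1.5}),
    ("tx5", ["hop_c", "hop_b"], {"exchange_deposit_17": 9.9}),
]

# Constructed attribution data: addresses an investigator has already tied
# to a real-world entity (for example through an exchange's customer records).
KNOWN_OWNERS = {"exchange_deposit_17": "exchange customer #17 (constructed)"}


def trace_forward(ledger, start):
    """Follow funds onward from `start`; return {address: [txids on the path]}."""
    outgoing = {}
    for txid, senders, outputs in ledger:
        for sender in senders:
            outgoing.setdefault(sender, []).append((txid, list(outputs)))
    paths = {start: []}
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for txid, receivers in outgoing.get(addr, []):
            for receiver in receivers:
                if receiver not in paths:  # keep the first (shortest) path found
                    paths[receiver] = paths[addr] + [txid]
                    queue.append(receiver)
    return paths


def attributed_hits(ledger, start, known_owners):
    """Return [(address, owner, path)] for reachable addresses with a known owner."""
    paths = trace_forward(ledger, start)
    return [(a, known_owners[a], p) for a, p in sorted(paths.items())
            if a in known_owners]


if __name__ == "__main__":
    for addr, owner, path in attributed_hits(LEDGER, "ransom_addr", KNOWN_OWNERS):
        print(f"{addr} -> {owner} via {' > '.join(path)}")
```

Splitting the payment across intermediate addresses changes nothing here: every hop is on the ledger, so one attributed address at the end ties the whole chain back to the ransom payment.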
39 minutes ago, apophenia said:

The thing about Bitcoin, and cryptocurrency generally, is that it is not anonymous. Much like this place, it's pseudonymous. You have an identity here, but it's your responsibility to keep it disconnected from your real world identity.

If you pay someone in BTC, you make a transaction to their bitcoin address. If they want to move the money, they need to make a transaction to a new address. Each new address is an opportunity to slip up and connect with a real world identity.

Moving stolen funds into a numbered account is extremely foolish - you've just connected your pot of gold with a crime via a public ledger. In order to obtain your funds, you need to find some way to launder your BTC that breaks all connections between the transaction and you.

I would think then that Panama City is where you take your BTC to the laundry?
 

What’s the likelihood that DoJ subpoenas Garmin for details of possible ransom deal?  
I’m not familiar with any of these malware ransom heists.  

Obviously you would hope  to keep things on the downlow working with a sanctioned outfit like EvilCorp.  Which raises the question of how well hackers knew corp culture at Garmin?  Why would hackers take on a company whose own IT people leaked details of the hack?  I would think they (hackers) would want a quiet backroom sort of attack w/o either side showing any of their cards?

If details of another hack like this leaks out to the public,  I’d say Sebastian Junger has a new book waiting to flesh out.  Can’t wait.

 


It seems strange that they leaked the payoff. If they wanted to find the perpetrators, I would think they would want to keep their lips tightly shut. I imagine the FBI would only give the go-ahead as a way to track down a major criminal outfit.

 

Or maybe Garmin has kissed the ring and truly does not care.

