Garmin shuts down services after ransomware attack

Garmin shuts down services after ransomware attack

Smartwatch and wearable maker Garmin has been a target of a ransomware attack that forced the company to shut down its support services and production.

At the time of the outage on Thursday July 23, Garmin representatives were not able to publicly confirm the incident was caused by ransomware.

According to some news sources, however, some employees posted details about the ransomware attack to social media shortly after the outage. Some even called the ransomware “WastedLocker.”

Security firm SentinelOne posted details about the relatively new ransomware family WastedLocker, which is designed to abuse ADS and NTFS File Attributes.

As of late Thursday, ZDNet said they were unable to verify the employees’ claims of the ransomware attack and said the root cause was likely still “speculation” at that time.

In a public announcement posted to their website and Twitter, Garmin confirmed the outage:

“We are currently experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”


Most of Garmin’s customers rely on Garmin Connect service to sync running or biking data from your smartwatch or wearable device.

In addition, flyGarmin, a web service used to support aviation navigational systems, also went down. Pilots confirmed they were unable to download key navigational data to their devices.

Ransomware continues to be a costly threat to organizations of all sizes. Readers can check out related articles for other related ransomware attacks, such as Snake, Ekans and WannaCry.

Update (July 27, 2020): Garmin issued an update on July 27 on the security incident via a press release:

“Garmin Ltd. (NASDAQ: GRMN), today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.”


Garmin also said affected systems are being restored and expect to return to normal operation over the next few days.

Related Articles