Tough Few Days For Garmin. But Is Their Ransomware Problem Over?
FAILED. If you’ve tried to upload wirelessly with your Garmin GPS unit lately, you’ve seen that disappointing notification. So, what happened with Garmin?
It’s been less than a week since tens of thousands of Garmin users began seeing banners on Garmin’s in-house app, Garmin Connect. Even before trying to refresh or upload their activities, a pale orange announcement let athletes know that normal functionality would be affected by server maintenance. That was decidedly not the case. Just hours later on Thursday, July 23, rumors spread that Garmin had been hit by ransomware.
Ransomware is malicious software that criminals use to encrypt a company’s data and information, locking it down and rendering it inaccessible until a ransom is paid. For Garmin, that didn’t just mean that it couldn’t use its servers; it meant that all users couldn’t use its servers. If the user data was trapped on Garmin’s end, then newer activities were trapped on athletes’ units around the world.
For most Garmin users, the inconvenience was a bigger issue than the ransomware. It made athletes revert to habits we haven’t seen since BLE uploads became the norm five or six years ago. Instead of seamless upload to Garmin Connect and connected apps like Strava, users had to take, say, five minutes to plug in their device and upload the old-fashioned way.
That’s nothing to worry about, but Garmin’s portfolio includes many products and services that extend into aviation and routing for drivers and commercial trucking. While those services didn’t fail, pilots and truckers reported that products were slow or inconsistent. In many ways, the situation could have been much worse.
There are plenty of scenarios that could have made this far more dangerous: the attackers could have released the ransomed data, actively redirected users, or even used the routing information to bring navigation to a halt. But perhaps the biggest risk is what happens next.
Garmin announced Monday, July 27 that its services would slowly return to normal operations over the course of several days. That leads to speculation that Garmin decided to pay the reported $10 million ransom to unlock its servers. While that’s good for cyclists, it does introduce the risk that such an attack may happen again. In fact, a successful payment may make Garmin and all companies even more likely to face cyber crime by rewarding nefarious agents.
According to experts, paying does nothing to ensure that Garmin user data is safe. It’s common for hackers to leave “time bombs” embedded in networks that trigger yet another lockdown weeks or months later, renewing the attack and demanding another payment. There’s no telling what hackers have left behind, and even the best cyber security experts can fail to spot clues in the mountains of user and corporate data.
It’s also important to remember that the data Garmin holds isn’t limited to your bike rides. Garmin has the information of millions of users, and tens of thousands of Garmin users also store payment information through the company’s NFC mobile payment service, Garmin Pay. That’s a far more actionable and dangerous access to bank accounts and credit cards than subscription billing or purchase histories.
For now, Garmin users can use their products confidently, but it may be a good time to look at what sort of information is saved on your device and in your Garmin Connect account.