Update: 7/30: Garmin's president and CEO Clifton Pemble addressed the attack in his introductory speech at Garmin's earnings call.
"[...] Most of you are aware of the recent cyberattack that led to a network outage affecting much of our website and consumer-facing applications," Pemble said. "We immediately assessed the nature of the attack and started remediation efforts. We have no indication that any customer data was accessed, lost or stolen.
"Additionally, the functionality of Garmin products was not affected other than the ability to access some online services. Critical affected business systems have been restored, and we expect to restore remaining systems in the coming days. We appreciate the patience and kind words of support we've received from customers and friends during this challenge."
Garmin Connect's status page shows that activity details and uploads are now working normally, so your workouts should sync correctly from your devices to the app. The one service still marked as down is Vivofit Jr – the app that connects to Garmin's line of children's fitness trackers.
Garmin has confirmed that the outage it has been suffering since July 23 was due to a cyber attack, and that it will be resuming normal functionality soon.
While it was originally dubbed a simple maintenance window, the length of time users were unable to upload runs and workouts or access things like aviation databases and marine navigation showed that this was a much larger issue.
Garmin's full statement is below:
"Garmin...today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications.
"We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.
"Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.
"Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage.
"As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition."
We’d like to thank all of our customers for your patience and understanding. For more information, please visit https://t.co/U3vwBre4U2. (July 27, 2020)
How did this happen?
Originally, Garmin users noticed a long maintenance period where they were unable to access key services. Then a tweet confirmed the brand was "experiencing an outage that affects Garmin Connect, and as a result, the Garmin Connect website and mobile app are down at this time".
Rumors began to quickly emerge that Garmin was subject to a large ransomware attack that had meant it needed to pull its entire platform offline.
TechRadar spoke to the brand after 48 hours of the outage and received a statement confirming that the entirety of its operations was not functioning:
“Garmin is currently experiencing an outage that affects Garmin services including Garmin Connect and Garmin Pilot. As a result of the outage, some features and services across these platforms are unavailable to customers. Additionally, our product support call centers are affected by the outage and as a result, we are currently unable to receive any calls, emails or online chats.
“We are working to restore our systems as quickly as possible and apologize for the inconvenience. Additional updates will be provided as they become available.”
The brand then directed TechRadar to a short Q&A on how Garmin Connect's outage hasn't affected user data. Its answer to the main question, whether user data had been impacted, offered the most solace to users:
“Garmin has no indication that this outage has affected your data, including activity, payment or other personal information.”
On Monday, July 27, after four days of issues for Garmin Connect and its associated services, syncing and access to databases began to return, and the fitness brand admitted that it had been subject to a large cyber attack.
What's actually happening?
It's interesting to note the way Garmin is describing the attack, saying it was "the victim of a cyber attack that encrypted some of our systems".
That seems likely to be ransomware, but the brand has shied away from confirming that a ransom was demanded to unlock its users' data and access to databases.
However, multiple outlets spoke to sources claiming direct knowledge of the matter, or Garmin employees, and they all explained that a large ransom was being demanded to unlock large portions of the system, and that emergency measures had been implemented to protect Garmin's platforms.
Sources with first-hand knowledge of the matter told BleepingComputer that this was a ransomware attack, locking parts of the Garmin system. According to screenshots allegedly sourced from Garmin employees, files were locked under the title ‘GarminWasted’, and attackers demanded a ransom fee to unlock each one.
It seems unlikely that Garmin would have paid the fee to unlock its files. The ransomware in question, WastedLocker, is believed to be operated by a Russian gang known as Hacking Corp, which, as Sky News reports, was sanctioned by the US Treasury last year for committing "two of the worst computer hacking and bank fraud schemes of the past decade".
This prohibits US persons from engaging in transactions with the criminals. It's not clear whether this would apply when a business or individual is being extorted, but anonymous sources speaking to Sky said that Garmin had not made a direct payment to its attackers to release its data.
According to the BleepingComputer source above, Garmin shut down devices in a data center to prevent them being encrypted, so it's possible that it was able to keep its backups isolated.
ZDNet cites a report from Taiwanese technology site iThome, which claims a memo was sent to Garmin's Taiwanese production facilities saying that 'servers and databases' were attacked, and that production lines were being shut down for two days for maintenance.
Cyclists and runners might have been frustrated by the outage, but it seems that Garmin prioritized more essential services as it began restoring its systems.
Pilot software and navigation database FlyGarmin (used for Garmin navigational systems) went down, reportedly resulting in the grounding of some planes. However, an update to the FlyGarmin status page late on Sunday, July 26, showed that Garmin Pilot Apps, FlyGarmin, Connext Services and FltPlan.com were all operational.
Readers contacted TechRadar with their experiences, with one user telling us: “Garmin Golf is down, the app cannot be used on a smart phone, so no maps or golf GPS and you cannot use the golf GPS app on a watch because it cannot connect to Connect.”
Again, this problem seems to have been fixed according to Garmin's status page, which now lists Garmin Golf as online.
The outage also affected third-party apps that use data from Garmin. Strava's metrics show that uploads from Garmin Connect dropped off completely on July 23 - with overall Strava uploads down by over a third in that time.
Activities recorded using Garmin devices are now starting to sync to Strava, but users have been warned that the sheer volume of data means it could take a week or longer for all workouts to be uploaded. If you can't wait that long, you can upload your activities to Strava manually.
Is my data safe?
Some sites speculated that historical data went missing from the Connect database, leading to worries that user data has been compromised.
However, there has been no suggestion at this point that sensitive information has been taken by hackers - Garmin confirmed after 48 hours that there was no ‘indication’ of the outage affecting data, including activity, payment or personal information, a statement reiterated as it admitted it was subject to a cyber attack.
A recent report from TechCrunch, citing two sources it claims have ‘direct knowledge of the incident’, says that this attack was caused by WastedLocker ransomware. The report states that this ransomware does not appear to be able to steal or pull data from locked files.
This means that if Garmin backed up its data before the attack - and the fact it's now resuming service suggests it might have - then users' information should be safe.
Your day-to-day data during the outage has been saved on your device - whether that's your body battery, stress levels or your daily step counts - and that data will slowly sync with Garmin's servers in the coming days.
When the service is back to 100%, all this data will be brought back into the Connect app so you'll be able to see everything that's happened physiologically.
What is ransomware?
Garmin has confirmed that it was the victim of a "cyber attack", and although it hasn't said what the attack entailed, the sources quoted by BleepingComputer on July 23 (believed to be a person close to the incident and a Garmin employee) both said ransomware was the tool used.
"Ransomware attacks are frighteningly common," computer security expert Graham Cluley told TechRadar. "It's been one of the biggest types of cybercrime in the last few years. They hit both individuals and organizations, and have sometimes netted cybercriminals millions of dollars."
Ransomware is a type of malicious software that encrypts important files, making them unusable, and will only decrypt them if the victim pays a ransom fee (usually via Bitcoin, so it can't be tracked).
"Obviously not everyone can afford to pay - which means they may not only lose precious work, but irreplaceable files of sentimental value such as family photographs," says Cluley. "The moral? Make regular secure backups and ensure that they work.
"Unfortunately, there's another danger from ransomware attacks which has become more common in the last year or so. And that's where the attackers don't just encrypt a company's data but also steal it, threatening to release it on the net or sell it to other cybercriminals if a company doesn't pay up.
"If that's the case, a backup might get a company up and running again - but it doesn't resolve the issue of a major data leak that could be damaging to the firm and its customers."
According to BleepingComputer's sources, Garmin may have been hit by a strain of ransomware known as WastedLocker, developed by a malware exploitation gang known as Evil Corp.
As Malwarebytes explains, WastedLocker attacks are customized to target specific organizations, and the ransom demands are steep, ranging from $50,000 (about £40,000, AU$70,000) to over $10 million (about £8 million, AU$14 million) in Bitcoin.
What does that mean for Garmin?
While Garmin has now confirmed the attack, with the company due to report its profits on July 29, customers and investors alike will be looking for reassurance that its systems are now secure, and data is safe.
“The long term damage of this to Garmin can’t be underestimated,” Geoff Blaber, VP of research for market analyst firm CCS Insight, told TechRadar.
"Garmin is known for its hardware but this shines a light on the role its software and backend infrastructure plays in supporting users from aviation to cycling and running. Data is where companies are increasingly trying to differentiate but with services unavailable, there will inevitably be questions of the value Garmin brings.
“For many fitness fans, Strava is the platform that matters with Garmin Connect acting as a bridge in order to sync activities. This will increase the volume on demands for a more streamlined experience that syncs directly to Strava and gives users choice on whether to use Connect’s broader feature set.
“Garmin will almost certainly have a duty to report the details of what exactly was compromised and how. In Europe specifically, the General Data Protection Regulation (GDPR) will mean Garmin will be fully accountable.”
But how can I upload to Strava?
Garmin activities have begun syncing to third-party apps, but Strava has warned users that the sheer volume of data means your workouts could take a week to appear, or even longer.
If you're desperate to get your data from your watch onto Strava or similar platforms (in order to get the recognition for your Friday run to the shops and back... or perhaps a 200 mile cycle ride) then you can still do this manually.
You'll need to get the cable that you use to charge your device and plug it into your computer. For most devices, it will show up as an accessible drive (in the case of Windows) or in Finder (for Macs).
Open up the device, click the 'Garmin' folder and head to 'Activity'. In here, you'll find your fitness workouts as '.FIT' files - they may be listed from oldest to newest, so look for one with a recent date and save that to your desktop.
(If you have a newer watch that has music storage capabilities, it'll show as a 'primary' device. Click this, and then follow the same options above.)
Once you've got your relevant .FIT files, head to Strava.com on your browser, log in and hit the '+' icon in the top right-hand corner. Select 'Upload activity' and then choose 'File upload' on the left-hand side of the next screen.
From here, simply navigate to your desktop (or Garmin watch directly if you're feeling fancy and decided not to copy the files across) and click the correct files. If they're new activities (as in, you didn't accidentally already upload them) then they'll process, and you can fill in the information on your workout as normal.
Then watch as the kudos roll in, as most of your friends will be scratching their heads as to how to get their runs online.
(If you want more depth on how to upload your runs for other devices, including discussions on how to get your runs off older, ANT+-enabled devices, DC Rainmaker has an excellent guide to check out).