Garmin begins recovery from ransomware attack


Image copyright
Getty Images

Image caption

Garmin’s tech powers all kinds of fitness trackers

The American GPS and fitness-tracker company Garmin is dealing with the aftermath of a ransomware attack, the BBC has confirmed.

Owners of its products had been unable to use its services since Thursday.

However, some of its online tools are now being provided in a “limited” state, according to its online dashboard.

It is not known if the firm paid the blackmailers, but a source said it was in the “final stage of recovery”.

The BBC’s cyber reporter Joe Tidy said the malware involved was Wasted Locker – a program that scrambles the target’s data, and was first detected in the wild around April. Victims are typically contacted after their computers are infected, and told they must transfer funds if they want to return the files to their original state.

Some customers have reported that Garmin’s services appear to be “partially” working again.

Earlier reports claimed that the company had been asked to pay $10m (£7.79m) to get its systems back online.

Garmin has yet to comment.

  • Twitter hack: Bitcoin exchange ‘blocked 1,000 transactions’
  • How hackers extorted $1.14m from a US university

Some users reported on Twitter on Monday morning that their health and fitness data was now visible on Garmin’s mobile app.

However, numerous other functions appeared to still be offline.

Pilots who use flyGarmin were unable to download up-to-date aviation databases, which aviation regulators such as the FAA require pilots to have, before they can fly.

Customers were also unable to log into Garmin Connect to record and analyse their health and fitness data.

In an email to its users on Sunday, Garmin said it would no longer be responding to user queries about delayed uploads to its servers because “most of the issues will resolve themselves”.

Users were warned that there may be a delay of a “week or longer” for updated health and fitness data to appear on their accounts, due to a backlog.

The company also insisted there was “no indication” that user data had been stolen or removed.