Archive for July 27, 2020

A Rumor Claims That Garmin “Obtained” The Decryption Key To Get Their Data Back…. The Facts Say That Garmin Is Down Again

Posted in Commentary with tags on July 27, 2020 by itnerd

A report from Sky News says that Garmin has “obtained” the decryption key to get them out of their ransomware mess:

Smartwatch maker Garmin has obtained the decryption key to recover its computer files from a ransomware attack last Thursday, Sky News has learned.

The thing is, Sky News offers up no proof whatsoever. At least when the news that Garmin had been pwned by ransomware first appeared, there was proof from a variety of sources to back this up. But that’s not the case here. And here’s what makes this report questionable:

Security sources who spoke to Sky News said WastedLocker is believed to be developed by Evil Corp, a hacking group based in Russia which was sanctioned by the US Treasury last December

The sanctions mean that “US persons are generally prohibited from engaging in transactions” with the cyber criminals, although the US Treasury did not respond to questions about whether the general prohibition applied in the circumstances of extortion.

Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company – an American multinational which is publicly listed on the NASDAQ – did not directly make a payment to the hackers.

So if Garmin did make the payment, they did so indirectly to try and get around the fact that paying Evil Corp would be illegal. That’s not unusual, as I have heard of these third-party payments to ransomware gangs happening in other situations. It all depends on how much the data is worth to the organization that got pwned.

But let’s move from rumor to fact. Garmin Connect is down again based on their status page as of 10PM Monday. Here’s a screenshot:

This has stretched the patience of Garmin users as it was partially up earlier today, which gave Garmin users some hope. But any hope is likely gone now and Garmin is now back to handling a PR disaster. If everything that happened over the weekend wasn’t going to drive Garmin customers to competitive products, I’m going to guess that this latest incident will.

It sure sucks to be Garmin right now.

UPDATE: As of 11:15 PM Garmin Connect appears to be back to being somewhat online.

Meet The Faces of The Rainbow Six Siege North American League: Canada Division

Posted in Commentary with tags on July 27, 2020 by itnerd

Since the official kick-off of the Rainbow Six Siege North America League: Canada Division, we’ve seen incredible matches between some of Canada’s top Esports players and it’s only getting more and more intense as the matches go by!

Just as important as the game we love so much to watch are the teams and players behind the screens who put on a show for us every week and battle to become Canada’s top Rainbow Six Siege team.

Mirage Esports: 2 wins, 0 losses

R6:S Roster:

Nordik Esports: 1 win, 1 loss

R6:S Roster:

Altiora: 1 win, 1 loss

R6:S Roster:

LiViD Gaming: 0 wins, 2 losses

R6:S Roster:

Make sure to tune into for all the action!

Garmin Admits Ransomware Took Them Down….. But Things Are Coming Back Online

Posted in Commentary with tags on July 27, 2020 by itnerd

Garmin has just posted a news release admitting that it was a victim of a cyberattack. Here’s the relevant part:

Garmin Ltd., today announced it was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.

Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage. As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.

Well, this is better than what Garmin had been doing up until this point, which is to not have that much communication with their customer base. In my testing with my Garmin Edge 830 cycling computer along with the Garmin Connect app, I can confirm that some of the functionality is working. Specifically:

  • I can see my activity history again in Garmin Connect. Though I am missing a cycling activity from Thursday that is thankfully present in Strava. Because, if it is not in Strava, it didn’t happen.
  • Syncing from my Edge 830 isn’t working. None of the activities that I see in Garmin Connect are syncing down to the Edge 830.
  • There are still error messages in Garmin Connect saying that they are still down which isn’t a surprise as Garmin has made it clear that it will take days to fully bring things online.

The thing is that this will not likely keep people from asking questions about what happened, and more importantly what Garmin is going to do to make sure that this doesn’t happen again. I suspect that we might get those answers on Wednesday when Garmin releases their quarterly statement.

UPDATE: If you want to check the status of Garmin’s various services that are related to Garmin Connect, click here to see their status page.

The Garmin Ransomware Attack Is Much Bigger Than You Think

Posted in Commentary with tags on July 27, 2020 by itnerd

This Garmin ransomware attack is a huge deal. Sure the thing that people are talking about is that athletes who use their kit can’t upload and analyze their runs, rides, or anything else that they might have done for the last several days. But it’s much worse than that on multiple fronts. Let’s start with the fact that Garmin does more than just fitness gear. They do car SatNav systems, marine SatNav systems, and aviation SatNav systems. The latter has now become an issue based on this Reddit post:

As of right now the FAA has just grounded our small fleet of aircraft (won’t say which company) as we rely on Garmin aviation database on our navigational systems. We need to run an up-to-date version of this database (it’s a FAA requirement) and can’t comply. from r/Garmin

That’s not good. If aircraft get grounded, and aircraft fleet owners can’t make money, lawyers get called. And Garmin’s nightmare will go from bad to worse when those lawyers start to call Garmin HQ.

And there’s the fact that it appears that their top end smart watches that are preferred by runners seem to have developed issues since this outage has started:

Garmin’s smartwatch woes continue as GPS and run tracking for distance wasn’t available and devices such as the Fenix line were caught in a “saving” loop that required a reset. The same problem affects indoor activities even without GPS connections. 

At the moment, it’s unclear whether the GPS signal issues with the Garmin devices are related to the company’s ransomware attack and bungled handling of it, but your Sunday morning run won’t be quantified.

As bad as those two things are, it’s actually worse than that.

Let’s say whoever launched this attack was in Garmin’s network for weeks, months, or years. They could have stolen all sorts of data from Garmin’s network, be it intellectual property, like the designs for new products, or your personal data, such as your name, address, your email address, the name or names of your emergency contacts and their personal info. Not to mention all the location data from whatever activities you do. The personal info could be used to launch targeted phishing attacks that would be very convincing. The location data could be interesting for someone who wanted to learn more about you so that they could exploit you in some way.

Oh, it actually gets worse than that.

People have been asking why Garmin hasn’t gotten things online yet. Those people would include me:

Then they put out a FAQ on Saturday that you can find here. My thoughts on that were as follows:

Now Garmin’s response to this from a PR perspective has been, in a word, shambolic. They have done a horrible job of reassuring users and giving said users an incentive to stick with the brand and not defect to a competitor. But here’s the reality that even I need to remember. They likely could not share a whole lot with Garmin users in terms of detail. Possibly because they don’t know how bad this is. Possibly because law enforcement is involved and they told Garmin to keep quiet. Or possibly because lawyers are involved and they told Garmin to keep quiet. But let’s say that they don’t know how bad this is. That would mean that Garmin was and still is auditing the hell out of their systems to figure out if they can carve out and isolate the sections that have been affected by the ransomware, and checking over everything else to make sure that nothing is lying in wait to encrypt everything in sight. On top of that, they would need to audit their backups and make sure that they don’t have anything lying in wait by doing a test backup and looking for anything bad. That’s important because as I said earlier, if the bad actors were in the Garmin network for weeks, months, or years, those backups would be worthless. Which means that this outage will drag on for a very long time. As in weeks or perhaps longer. Unless of course Garmin pays the $10 million that the bad actors behind this want. Which they likely won’t. Or at least they shouldn’t.

At least Garmin is looking for a Cyber Security Engineer to make sure that this doesn’t happen again. Though that’s cold comfort to Garmin users at the moment.

One final point, if you read their FAQ which you can find here, it says this among other things:

Was my data impacted as a result of the outage?

Garmin has no indication that this outage has affected your data, including activity, payment or other personal information.

Having “no indication” that users’ data was affected is not a definitive statement. That seems to indicate to me that Garmin must think that user data might have been affected in some way. That’s not good if you’re a Garmin user. And it may be enough to send you to a competitive product.

So this is a very bad situation for Garmin and for their customers. But as I type this, Garmin appears to be starting to get their Garmin Connect infrastructure online. So there may be light at the end of the tunnel for those who use Garmin products. But still, there are a lot of questions that will need to be answered about this incident. And since Garmin is scheduled to report their quarterly results on Wednesday, and that reporting is usually accompanied by a Q&A session with key executives, I for one will be interested in what they have to say about this incident.