Security Technology

Garmin Begins Recovery From Ransomware Attack (bbc.com) 19

An anonymous reader quotes a report from the BBC: The American GPS and fitness-tracker company Garmin is dealing with the aftermath of a ransomware attack, the BBC has confirmed. Owners of its products had been unable to use its services since Thursday. However, some of its online tools are now being provided in a "limited" state, according to its online dashboard. Garmin has said it was "the victim of a cyber-attack that encrypted some of our systems." But the statement it released avoided any reference to a ransom demand.

"Many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications," it said. "We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen." The firm added that it expected all its systems to return to normal operation within a few days, but warned that there might be a "backlog" of user data to process. It is not known if the firm paid the blackmailers, but a source told the BBC it was in the "final stage of recovery." Some customers have already reported that Garmin's services appear to be "partially" working again.

  • by quietwalker ( 969769 ) <pdughi@gmail.com> on Monday July 27, 2020 @07:07PM (#60337551)

    I seem to remember Garmin primarily being a distributor of relatively expensive encrypted mapping databases required to keep their hardware products up to date. You had to pay a small ransom for the privilege of updating your device so that it would actually remain usable. Ran in the range of $100, somewhere often between 30% and 50% of the unit price, yearly, and only for specific regions.

    • by redback ( 15527 )

      The industry has moved away from that somewhat, and now offers lifetime map updates with devices.

      When I worked retail IT we had people come in and ask us to update maps on old GPS units. We had to tell them that it was $99 plus labour for a map update, or for $129 you can get a whole new unit with a bigger screen and free updates. They always went for the new unit.

    • They are charging for updating maps which they have to update of course. Not the same as a ransom attack where the attacker has offered you no service.

      I personally hope these guys get caught and put in jail, however I think they made a big mistake asking for 10 million, just too big. If they asked for 250k then Garmin may have said just pay and get back to business and patch the server. Remember if they pay the amount they may end up in the situation where the servers get attacked a second time and ransome
      • by BranMan ( 29917 )

        "They are charging for updating maps which they have to update of course."

        Well, yes and no. Yes they need to update the map data, but they *need to do that anyway* for the new units they sell. With proper planning it is near zero extra effort. And needs to be done exactly ONCE for each old device. And they can still sell the updates N times. $20 bucks each is plenty of profit, and rewards loyalty.

    • All that's true, but the secret is that you can buy last year's refurb model for basically dick, even with lifetime maps and traffic.

    • by akintayo ( 17599 )

      These days it seems that Garmin makes most of their revenue from fitness trackers and GPS watches. While the trackers and watches do not use the old subscription model, they do depend on cloud-based services for a significant and non-obvious chunk of their functionality, e.g., syncing your watch with your phone. This makes this outage worse for Garmin customers, compared with the old navigation unit days where connecting to Garmin was only relevant when you needed to update the map.

      • Open any boating magazine and look at how many come with Garmin MFDs and various accessories like sounders and radar. They're huge in this market.

        Every couple of years I see their boat on my large-ish local lake, presumably out there updating the bathymetry data. Up to date bathymetry is a huge deal for marine mapping, whether it's for fishing purposes or for sane navigation due to shifts in channels, debris or shit the official sources can't get updated.

  • for my Garmin satnavs, before OSM became a viable alternative, and it most certainly felt like ransomware too. See how your customers feel, Garmin?

    • by Anonymous Coward
      The difference is, you could have elected to not update your device and continued to use it in the same way you always did. Garmin did not have that option. Comparing the two things is deceptive and dishonest.
      • by sjames ( 1099 )

        OTOH, if you don't update, your device slowly but surely becomes useless as it urges you to turn down roads that no longer go where they used to or that have been closed entirely.

        • But unless you live in the developing world, the infrastructure doesn't really change all that much. Once the roads are laid, they generally don't disappear. If someone builds a new road, well, the old directions will still work, although you may have to pay attention to interchanges (SB I-75 to SB I-280 in a particular spot in the USA, I'm looking at you -- it's been wrong in new OEM systems since at least 2017). But, you should be paying attention anyway; you don't want to be one of those idiots that driv

          • by sjames ( 1099 )

            I live in a significant metro area in the U.S. and I can think of at least 4 examples of significant changes to existing roads within 10 minutes of my house. In each case, following the old directions will NOT work.

  • by sinij ( 911942 ) on Monday July 27, 2020 @08:03PM (#60337633)
    Otherwise they would be lost.
  • by gavron ( 1300111 ) on Monday July 27, 2020 @11:37PM (#60337913)

    The discussion has shifted a bit from Garmin being pwned by ransomware (and not owning up to it) to their charging for maps.

    If you have an aircraft you can pay between $10K - $70K for a Garmin device that then still requires updates costing hundreds of dollars per update (or thousands per year). It's not a "connected" device... so it's not on the net, not dependent on it, and takes updates (slowly) via USB... but Garmin is the predator in that market. There are other mfgs, but having "all Garmin nav" is a selling point.

    They didn't secure their internal network. They got pwned. They've screwed many people for years and in the aviation industry still do.

    No sympathies.

    Ehud Gavron
    FAA Commercial Helicopter Pilot

  • "We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen."

    This is the big problem with ransomware and paying the ransom. If the data was encrypted then it was accessed and could have been altered, exfiltrated, etc.
    The integrity of data encrypted/decrypted by ransomware should always be in question. They could have intentionally left a back door or accidentally corrupted the data with bad code.

  • Is this ever going to get better?
  • Thank you for this information. I'm glad Garmin is recovering. I have always relied on their maps till date. I was once driving in a new part near my town and I got lost. Thankfully, I had updated my maps using Garmin Express [garminexpressupdater.com]. If I was facing any issue on my device I could easily just use this to resolve the error. I recommend it to anyone looking to update their GPS maps.
