Boston Herald

Garmin acknowledg­es cyberattac­k

Company doesn’t mention whether infiltrati­on involved ransomware

- — assoCiated Press

The GPS device maker Garmin Ltd. acknowledg­ed Monday being victimized by a cyberattac­k last week that encrypted some of its systems, knocking its fitness tracking and pilot navigation services offline.

It said systems would be fully restored in the next few days.

In an online statement, the company did not specify that it was the target of a ransomware attack, in which hackers infiltrate a company’s network and use encryption to scramble data until payment is received.

But a person familiar with the incident response said the attackers had turned over decryption keys that would allow Garmin to unlock the data scrambled in the attack.

The person spoke on condition they not be further identified.

The attack crippled company services including Garmin Connect, which is popular with runners and cyclists for tracking workouts, and the FlyGarmin navigation service for pilots. A Garmin spokespers­on said the company had no comment beyond its statement.

The online cybersecur­ity news site BleepingCo­mputer identified the malware as WastedLock­er, which various security firms have attributed to the Russian cybercrimi­nal gang Evil Corp. The U.S. government announced in December that it was freezing the assets of members of the group.

Garmin, based in Olathe, Kan., said Monday that, in addition to GPS-based services, customer support and company communicat­ions were also interrupte­d by the July 23 attack.

“We have no indication that any customer data, including payment informatio­n from Garmin Pay, was accessed, lost or stolen,” Garmin said in its statement. The attack also didn’t affect the functional­ity of any of its products, which include fitness watches, it added.

Ransomware is a growing threat and experts say it will only get worse if victims keep paying ransoms. In the U.S. last year, ransomware attacks on state and local government­s, health-care providers and educationa­l institutio­ns alone caused an estimated $7.5 billion in damage, according to the cybersecur­ity firm Emsisoft.

?? AP file ?? APP VULNERABIL­ITY: Garmin's Vivofit 2 fitness tracker is shown at the Internatio­nal CES trade show, in Las Vegas in 2015. Garmin Connect, an app and website that works with the company's popular line of fitness watches, was out of service on Friday and the company attributed it to a cyber attack.
AP file APP VULNERABIL­ITY: Garmin's Vivofit 2 fitness tracker is shown at the Internatio­nal CES trade show, in Las Vegas in 2015. Garmin Connect, an app and website that works with the company's popular line of fitness watches, was out of service on Friday and the company attributed it to a cyber attack.

Newspapers in English

Newspapers from United States