According to US law, you are not allowed to pay, or?
Makes sense. Hoping we can learn something about it for the sake of general curiosity.
They are releasing Q2 financials Wednesday, presumably they will tell more then. Certainly analysts will press for info.
You’re allowed to pay, but doing so is pretty bad reputationally for customers and investors and also makes it more likely you’ll be a target for further attacks since it’s now known that not only do you not have the ability to keep attackers out but that you also don’t have the backups and other resiliency processes in place to recover from an attack.
I have no inside knowledge on this particular situation, but extrapolating from what’s known and having helped deal with similar attacks before, I’d guess Garmin believe they have the capability to recover from this and get fully back online with minimal data losses without paying the ransom. If you’re going to pay the ransom, the best time to do it is ASAP and before it becomes too public that you’ve been hacked. If you’re going to go offline for multiple days and let it turn into a big news story, then you’d better hope you can recover, since going through that kind of disruption and then STILL ending up paying the ransom at the end of it is much worse than just paying up on Day 1 and maybe being able to pass the whole thing off as an upgrade gone wrong or a network outage.
These kinds of hackers are businessmen - they typically don’t want to embarrass you or wreck your company; they set the ransom at a level which is affordable and they want you to pay up quickly and quietly. That’s good business. They also tend to be extremely reliable at giving your data back once you’ve paid, since reneging on the deal is bad for business and will encourage future victims to try and get out of the mess themselves rather than paying up.
Yeah, basically think about how blackmail and protection rackets have worked throughout history and you have the bones of it.
Anyway, I received an answer from product support to an open ticket; looks like they are back in their office.
Just in case anyone missed this news from the UK BBC News website.
Latest statement from Garmin on Garmin International | Home
Garmin Ltd. was the victim of a cyber attack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer facing applications, and company communications. We immediately began to assess the nature of the attack and started remediation.
We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services. Affected systems are being restored and we expect to return to normal operation over the next few days.
As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.
Read that 3 mins ago. Surprised they actually confirmed it was a ransomware attack.
Garmin paid the ransom?
“Cyber criminals sanctioned in the US…” nice typo, lol.
Edit: or maybe they mean it in the “penalized” sense. Still, terrible word choice.
Well, well. Thanks Garmin, you’ve made the world a little worse for the rest of us.
Reading more about WastedLocker, it looks like it’s Windows-only. Is Garmin a Windows shop? Dev on Windows, deploy to Windows?
I mean, did they even have a choice?
I would have hoped they had some physically separated backup… but if they paid, they might not have.
You only need parts of the company on Windows, and that part to be connected to your storage. Administrative functions of most companies run over Windows, most ERP access will be done from Windows machines, and support is commonly also done from Windows machines. That trio is sufficient to sink you.
Physical separation is not what protects (or doesn’t protect) you: it’s access separation that matters. Since most backups are automated over the network, once you have access to a machine you have access to its backups, unless the backup solution is pretty solid security-wise.
What I meant was a system out of the network for backups.
Offline backups… only connected while backing up.
The idea is to protect the data in case of things like this.
Why would non-prod Windows machines be connected to prod storage? I’d love to know the details. I was hoping, likely in vain, that Garmin would enlighten us with a detailed blog post of how they were affected, how they restored, and what changes they are making to ensure this never happens again.
Maybe they will once everything is back to normal.
I imagine they are currently dealing with a few days’ worth of backed-up rides and runs etc.
And they need to check that they’ve got back everything that was taken, without leaving another backdoor open.
You have truckloads of “non-prod” machines connected to the ERP - supply chain loading costs, dev loading BOMs, sustaining loading ECOs, sales loading demand, logistics loading inventory movements, etc…