Garmin restores some services, a week after a ransomware attack

Garmin has begun to restore its services, a week after they were brought down by a suspected ransomware attack.

According to Sky News, Garmin has obtained the decryption key to recover its computer files, presumably after paying a ransom.

Garmin said in a statement on its website that some of its operations were back online. “[…] many of the systems and services affected by the recent outage, including Garmin Connect, are returning to operation. Some features still have temporary limitations while all of the data is being processed.”

Garmin makes GPS-enabled fitness trackers. Its GarminConnect service syncs health and fitness data with user’s smartphones. Also affected were the company’s call centre operations, leaving the company unable to answer calls, emails or online chats. Its production facility in Taiwan was also shuttered.

It also sells flyGarmin, a web service that supports the company’s line of aviation navigational equipment. Pilots who use the service were unable to download up-to-date aviation databases, which is a legal requirement in some countries.

Last week, a ransomware virus known as WastedLocker encrypted all the data on Garmin’s servers and demanded a ransom be paid for the files to be decrypted.

WastedLocker is believed to be the product of Evil Corp, a notorious hacking group based in Russia that was sanctioned by the US Treasury last December.

Last month, cybersecurity firm Symantec said it had identified a string of attacks against U.S. companies by Evil Corp. Symantec said the vast majority of targets were major corporations, including many household names, and eight targets were Fortune 500 companies.

Organisations face an increasing threat from ransomware attacks. Speaking to Gulf Business, Sam Curry, CSO at cybersecurity company Cybereason, described the ransomware attack on Garmin as “the corporate equivalent of a heart attack.”