Garmin hack

tunney · 23-07-2020 6:29pm #1

Garmin got owned. Ransomware.

A lot of data about to go to /dev/null

mickuhaha · 23-07-2020 6:31pm

tunney wrote: »

Garmin got owned. Ransomware.

A lot of data about to go to /dev/null

Any more info of links?

tunney · 23-07-2020 6:34pm

mickuhaha wrote: »

Any more info of links?

https://news.ycombinator.com/item?id=23926289
https://www.reddit.com/r/garmin

tunney · 23-07-2020 6:37pm

https://www.theregister.com/2020/07/23/garmin_outage/

Alun · 23-07-2020 6:40pm

On my Garmin fenix 6x I can still see all my activities going back to late last year, even though I can't access them via Garmin connect, so even if they've lost some recent data, if they can roll back to their most recent backup I shouldn't lose anything.

tunney · 23-07-2020 7:13pm

Alun wrote: »

On my Garmin fenix 6x I can still see all my activities going back to late last year, even though I can't access them via Garmin connect, so even if they've lost some recent data, if they can roll back to their most recent backup I shouldn't lose anything.

That's a relief we were all worried about you.

tunney · 23-07-2020 7:34pm

Alun wrote: »

On my Garmin fenix 6x I can still see all my activities going back to late last year, even though I can't access them via Garmin connect, so even if they've lost some recent data, if they can roll back to their most recent backup I shouldn't lose anything.

A lot of people have, sorry had, data going back a decade or more. Multiple devices, training, health, sleep, routes.

Also that is there the fact that companies that fall victim to breaches of this size usually do not survive

touts · 23-07-2020 7:39pm

tunney wrote: »

Also that is there the fact that companies that fall victim to breaches of this size usually do not survive

Not true. It depends how they handle it. I worked for a Multinational that fell victim of a random wear attack about 5 years ago. I'd say they are now about double the size they were back then. Certainly the share price is and they have acquired a few competitors since then.

tunney · 23-07-2020 7:43pm

touts wrote: »

Not true. It depends how they handle it. I worked for a Multinational that fell victim of a random wear attack about 5 years ago. I'd say they are now about double the size they were back then. Certainly the share price is and they have acquired a few competitors since then.

Okay 1/5 then, nothing wrong with a bit of hyperbole ðŸ˜€

https://www.computerweekly.com/news/450301845/One-in-five-businesses-hit-by-ransomware-are-forced-to-close-study-shows

Alun · 23-07-2020 7:49pm

tunney wrote: »

That's a relief we were all worried about you.

That's nice. Point is that assuming they manage to roll back their systems to a backup from some point in the past, most watches will have enough storage to store a significant number of past activities. Once they're back online, if there are any recent activities missing, they'll hopefully be synced back to Garmin connect the next time you sync.

tunney · 24-07-2020 7:45am

"Garmin is precisely the kind of company that Evil Corp tends to go after. These attacks can be especially devastating given the crew’s penchant for targeting both sensitive files and any backups that are found."

https://www.forbes.com/sites/leemathews/2020/07/23/garmins-alleged-ransomware-wastedlocker-evil-corp/

Don't assume the backups survive.

Also if you reuse passwords, change them.

sconhome · 24-07-2020 8:50am

Alun wrote: »

...they manage to roll back their systems to a backup from some point in the past..

Apparently this particular ransomware targets online backups also so unless Garmin have being backing up data offline as a secondary security level there could be a big risk to it all.

Alun · 24-07-2020 8:50am

Most large companies like this will have a multilayered backup and disaster recovery strategy which will involve off-site and offline backups that aren't connected to the company's own network. Tape based systems are common in enterprise scale backup system and these aren't directly accessible in the same way disk based backups are. They're much slower to recover from, so it might take a while and they might not be bang up to date but it's better than losing everything.

tunney · 25-07-2020 7:32pm

https://techcrunch.com/2020/07/25/garmin-outage-ransomware-sources/?guccounter=1

peter kern · 26-07-2020 1:59pm

tunney wrote: »

https://techcrunch.com/2020/07/25/garmin-outage-ransomware-sources/?guccounter=1

so it would appear that the ransom company cant do much. i cant see how a company like garmin would not have back up data

or in other words , since yesterday you would have lost another 50 euro ( triathlon in waterville was on (, i would bet 50 euro, garmin will still exist in 1 year even if they did not have back up i cant see where all the garmin user would go most are liek ironman user they love to bitch about the company and then buy a garmin product...

Keeks · 27-07-2020 11:16am

looks like things are starting to come back online

Alun · 27-07-2020 11:39am

The web version of Garmin Connect appears to be up and running, and no loss of historical data that I can see. I started synching via the app, and nothing much appeared to be happening, but an activity on the 25th has just appeared on the web version, so it does seem to be doing something, just very slowly. I guess their systems will be pretty overloaded for a while with millions of devices all trying to synch several days worth of data in one go.

tunney · 27-07-2020 11:44am

alot of users complaining that watches dont' work unless they delete some old activities. (Saw it myself too, lap button not working, GPS distances and speed not working and cannot save or discard workouts)

tunney · 28-07-2020 10:07am

Looks like they paid the ransom. The backups were encrypted first so they had nothing to restore.

https://www.reddit.com/r/sysadmin/comments/hy3sn0/how_****ed_is_garmin_any_insiders_here/fzb2uq7/

Garmin hack

Comments