Garmin knocked out by ransomware attack

Will fitness tracker manufacturer be able to step up its security?


Garmin, the wearable tech company famous for its GPS fitness trackers and activity smartwatches, is suffering a global outage – and ransomware appears to be to blame.

Not only is it currently impossible for Garmin customers to log into Garmin Connect to record and analyse their health and fitness data, but also the company’s call centres are unable to answer telephone calls, receive emails, or participate in online chats.

As ZDNet reports, the company’s Taiwanese production line has also been affected.

Garmin outage

We are currently experiencing an outage that affects and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.

In short, Garmin’s infrastructure has suffered a massive failure – and, although the company has not officially confirmed it, the finger of suspicion points strongly in the direction of a ransomware attack.

The annoying thing for Garmin’s IT support staff will be that, although they may be frantically running around like headless chickens at the moment, their steps won’t be recorded.


Joking aside, the danger isn’t only that fitness fanatics may not be able to record how many miles they jogged today.

Garmin also provides services for aviators and sailors, meaning they may not be able to use their trusted apps for weather reports or filing flight plans.

Furthermore, many ransomware attacks today are combined with data theft – where the attackers will not only encrypt data, locking workers out of systems, but also steal sensitive information from a company in order to apply further pressure for a ransom to be paid.

If, and it’s a big if, Garmin’s attackers had managed to seize data revealing users’ entire location history, then that would undoubtedly be a very attractive treasure trove for intelligence agencies with an interest in particular individuals.

In the past, concerns have been raised about how fitness tracking app Strava could reveal sensitive information about the movement patterns of military personnel.

Update: Garmin staggers back online after ransomware attack.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.

2 comments on “Garmin knocked out by ransomware attack”

  1. Chris

    Surely "not encrypt data" should read "not ONLY encrypt data".

    1. Graham Cluley · in reply to Chris

      Whoopsadaisy. Well spotted. Now fixed. Thanks!
