Garmin attacked by WastedLocker ransomware in demand for $10 million

Garmin, the GPS technology and wearable device manufacturer, has reportedly been hit by WastedLocker ransomware in a cyberattack that is demanding $10 million to release its data. According to the report in BleepingComputer, the company has been under a worldwide outage since Thursday. 

The cyberattack has affected consumers who use the run and bike fitness sessions in the Garmin Connect app and pilots who use the aviation database services, and all call centres are shutdown.

"We are currently experiencing an outage that affects Garmin.com and Garmin Connect," reads a message on the company's website. "This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience."

Garmin confirmed through its FAQs that it has had no reason to believe that user data has been impacted.

"Garmin has no indication that this outage has affected your data, including activity, payment or other personal information."

BleepingComputer were reportedly sent screenshots that showed long lists of the company's files encrypted by the malware, with a ransom note attached to each file. Sources told BleepingComputer that the ransom amount was $10 million, but the website stated that it was not able to confirm that amount independently.

According to a report in ZDNet, Garmin is "planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia." 

It has also been reported that the company has closed all databases and employee computers that are connected through a VPN to prevent further spread of the ransomware.

To view the statement, or for answers to frequently asked questions, head to Garmin.