On Thursday, hackers hit the navigation and fitness giant Garmin with a ransomware attack that took down numerous services across the company. Garmin Connect, the cloud platform that syncs user activity data, went dark, as did portions of Garmin.com. But as athletes found themselves unable to record runs and workouts, pilots who use Garmin products for position, navigation, and timing services in airplanes were dealing with their own problems.
The flyGarmin and Garmin Pilot app both suffered days-long outages, hindering some Garmin hardware used in planes, including flight-planning mechanisms and the ability to update mandatory FAA aeronautical databases. Garmin, which waited until Monday to confirm that a cyberattack caused the trouble, also saw its corporate email systems and customer call centers hobbled by the assault. (Throughout the weekend, emails to Garmin public relations staffers bounced back and phone calls wouldn’t connect.) Some reports indicate that Garmin’s ActiveCaptain maritime app also suffered outages.
Garmin’s services started to flicker back online on Monday, four days after the outages began. The incident underscores the pressing threat ransomware continues to pose across industries, though, particularly when it can disrupt services that millions of people rely on.
Garmin said in a statement Monday that has no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.” The company declined to comment to WIRED on the specific impact to position, navigation, and timing services. The Garmin Aviation Twitter account posted on Thursday that, “We are currently experiencing an outage that affects the Garmin Pilot App and as a result, some services, such as flight plan filing, may be unavailable.” The account tweeted an update on Monday: “Many of the systems and services affected by the recent outage, including flyGarmin and Garmin Pilot, are returning to operation. Some features still have temporary limitations while all of the data is being processed.”
Numerous pilots reported on social media and aviation forums that they were dealing with problems as a result of the Garmin outages. Many pointed to difficulties planning and scheduling flights. They also highlighted their inability to download database updates for their Garmin navigation systems—a major issue since the Federal Aviation Administration requires that planes have updated databases to fly. Those updates happen once a month; the most recent came out on July 16, so it had already been downloaded for many planes—a lucky happenstance for Garmin. Pilots can download the updates elsewhere, but would have to subscribe to a different platform.
And the disruptions were not just theoretical.
“The biggest issue at my flight school is not being able to update the databases for the Garmin 430s we have in all our planes—we use them for navigation,” says Taren Stanton, a flight instructor at Front Range Flight School in Colorado. “Legally we can’t fly an instrument flight plan using them for navigation if they aren’t kept updated. We had one plane that was temporarily grounded because of that.”
Pilots separately use tablet apps as backups to flight plan and navigation systems, but those who use Garmin Pilot wouldn’t have had that failsafe available. “Those users lost some services like being able to file a flight plan from their iPad,” Stanton says. “They either had to go on the FAA website or call a phone number to file, which is a huge pain.”
Ransomware attacks have increasingly targeted industrial control systems and critical infrastructure, from oil refineries, gas pipelines, and power grids to hospitals. Sometimes these attacks use the guise of ransomware as a distraction, as with the destructive NotPetya malware that swept the world in 2017. More often the attackers are criminals looking to take advantage of victims that have the most to lose when their systems go down, making them more likely to pay up to restore them.
“We’re not surprised about these types of attacks anymore. We’ve been raising the alarms for years about ransomware—every time we make a prediction about how it could get worse it gets worse,” says Adam Kujawa, director of malware intelligence at the security firm Malwarebytes. “It really exposes organizations who don’t have any fallbacks or systems they could have switched over to. And that can affect user confidence, customer confidence, investor confidence in how robust or built out your recovery plan is.”
In the case of Garmin, multiple reports indicate that the company was hit by the WastedLocker ransomware, a relatively new strain associated with the Russian criminal hacking group Evil Corp. This doesn’t necessarily mean that Evil Corp itself targeted Garmin; ransomware-for-hire services are common among criminal hackers. But Evil Corp’s alleged leader Maksim Yakubets was indicted by the Department of Justice in November for his alleged involvement in stealing hundreds of millions of dollars through Evil Corp’s decade-plus ransomware attack spree. At the beginning of December, the Treasury Department also sanctioned Evil Corp, including specific members such as Yakubets. Because of those sanctions, it may be illegal for the US-based company to directly pay the ransom, though it could potentially do so through an intermediary.
Garmin aviation services have now largely been restored, and pilots should be able to reliably update their databases and submit flight plans again. If you’re a runner, your activity data has been stored on your Garmin watch this whole time and should now sync with Connect, though Garmin cautions that there may be some delays as it processes the backlog of data updates. But as the incident nears an apparent resolution, it shows how quickly and totally ransomware can wreck an unprepared organization. If anything, it’s fortunate that it didn’t disrupt transportation around the world even further.
“I worry about this stuff,” Front Range Flight School’s Stanton says. “I teach my students to have back ups of back ups. I guess we kind of plan for things to fail. But it’s definitely scary. I was surprised that it could happen to Garmin so easily.”
More Great WIRED Stories
- Live wrong and prosper: Covid-19 and the future of families
- My friend was struck by ALS. To fight back, he built a movement
- How Taiwan’s unlikely digital minister hacked the pandemic
- Linkin Park T-shirts are all the rage in China
- How two-factor authentication keeps your accounts safe
- ? Prepare for AI to produce less wizardry. Plus: Get the latest AI news
- ?️ Listen to Get WIRED, our new podcast about how the future is realized. Catch the latest episodes and subscribe to the ? newsletter to keep up with all our shows
- ??♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones