The production and dedicated services of Garmin, the maker of smartwatches and other wearables, went down following a ransomware attack on July 23. The extensive downtime has been deemed necessary to attend to an incident that involved a successful attack that encrypted both Garmin’s production systems and internal network.

A widespread and high-impact assault

Garmin is now organising a multi-day maintenance window in order to deal with the aftermath of the targeted attack. This disruption will entail shutting down the company’s official website, its aviation database services, the data-syncing service for users – known as Garmin Connect – and some of its production lines operating throughout Asia.

In posts on social media sites and via notifications on its website, Garmin reported that the incident has also affected its company call centres, rendering it unable to respond to emails, calls and online chats initiated by users seeking assistance.

The unfortunate circumstances didn’t go undiscovered and have resulted in problems for many of the firm’s customers, who currently depend on the Garmin Connect service. The service allows them to sync data related to cycle rides and runs with Garmin’s dedicated servers, which disastrously all went down on July 23.

In addition to the sportswear and consumer wearables produced by the company, its flyGarmin web service, developed to support the enterprise’s select range of navigational equipment for aviation, also went down.

Pilots confirmed they were unable to download an edition of Garmin’s aviation database onto their airplane navigational systems designed by the manufacturer. To keep in line with FAA requirements, pilots must always employ the latest version of the database on navigation equipment in use. On top of this issue, Garmin’s Pilot application utilised for scheduling and planning flights was also out of action, causing further problems.

Potential consequences of malware

While Garmin have officially not disclosed that their recent outage was the result of a ransomware attack, multiple employees of the company shared details and referred to it specifically as a ransomware attack. Following the incident, which occurred at 3am UTC, personnel spread over two continents were instructed by local Garmin IT teams to shut down devices as ransomware had been distributed across several different branches using the company’s internal network.

While no official identification has been made, some employees at Garmin spoke out online, attributing the incident to a newly discovered type of ransomware that was first encountered early this year, known as WastedLocker.

Third-party observers have so far been unable to ascertain the reach of the ransomware, with its impact on services beyond the general disruption unclear at present. As of yet, it has not been confirmed whether any customer or client data has been taken or lost during the attack.

While Garmin works to restore its online services, many of its product users have answered calls for help via social media, sharing their tips with one another on ways to save bike and run data to dedicated partner services from Garmin in order to avoid losing their detailed exercise logs.