Garmin confirms ransomware attack took down services

Sport and fitness tech giant Garmin has confirmed its five-day outage was caused by a ransomware attack.

In a brief statement on Monday, the company said it was hit by a cyberattack on July 23 that “encrypted some of our systems.”

“As a result, many of our online services were interrupted including website functions, customer support, customer facing applications and company communications,” the statement read. “We immediately began to assess the nature of the attack and started remediation.”

Garmin said it had “no indication” that customer data was accessed, lost or stolen. The company said its services are being restored.

The attack caused massive disruption to the company’s online services, used by millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices. The attack also took down flyGarmin, its aviation navigation and route-planning service.

The tech maker previously attributed the incident to an “outage,” but sources familiar with the incident told TechCrunch that the outage was caused by file-encrypting malware.

TechCrunch previously reported that the attack was caused by the WastedLocker ransomware, citing a source with direct knowledge of the incident. WastedLocker is known to be used by a Russian hacking group, known as Evil Corp., which was sanctioned by the U.S. Treasury last year.

By imposing sanctions, the Treasury would have effectively made it illegal for any U.S. company to pay a ransom to get their files back.

During the outage, Garmin’s stock price fell from $102 to $94 per share. By afternoon trading on Monday, Garmin was up 3% to $100 per share.

Garmin is expected to report earnings on Wednesday.