It looks like Garmin is slowly getting back up and running. This morning I got a notification that an activity had synced. I excitedly opened up the Garmin Connect app, but disappointingly I was greeted with the usual sorry we are doing for maintenance message.
However, more data was there than usual. Heart rate data is available, my last 7-days, calories, respiration, steps and floors climbed. Some of this was available previously, but not all.
My Fenix 6 Pro is now spamming me with activity upload notifications.
Challenges and badges
I was now also able to view things like challenges, but looking at the challenges most of the data still has no synced. So the 100k step challenge I get auto-enrolled too has no one completing it, and I stuck at 50k.
I would expect that all expired challenges will still count once everyone has synced their data.
System Status
Looking at the current Garmin System status page shows that all services are up and running to some extent.
Activity details and uploads are online, as is device registration, so the two most important features.
Many services are classed as limited, but this appears to be more due to the volume of data Garmin needs to process to get back up to date. They may have resolved the ransomware problems they have faced, but they will now be overloaded with users syncing data.
What Happened?
Garmin has not admitted anything and been very poor with communication. Their official statement is that they were currently experiencing an outage that affects Garmin services, including Garmin Connect. This outage also affected call centres and emails.
What could bring down every single IT system in a $20 billion company? Ransomware. Everyone is reporting it but Garmin is not admitting it.
The attack appears to be by a hacker group called Evil Corp using the WastedLocker ransomware, and the demand was $10 million. Garmin then locked out of absolutely everything.
I am no IT security specialist, but having ransomware affect all aspects of the business seems to imply poor security on behalf of Garmin. It looks like there is little to no isolation between there systems. So what has affected the consumer side of the business has also affected the more important aviation side too.
To put this into context, just image if ever single system withing, Apple went down for 4 days solid and what would the public say?
Did Garmin pay the $10 million ransom?
We will never know for sure, assuming the ransomware is by Evil Corp, Garmin would be breaking the law by doing any form of financial transaction with them. This applies to all currencies because Garmin is a US entity. However, things like BitCoin exist for a reason, so it is possible Garmin may have given in to the ransom, but they would never be able to admit such a thing.
Is any data lost, and will this happen again?
Currently, it looks like no data has been lost, but time will tell. Garmin has a long road ahead of them. If they have not paid the ransom and have restored from backups, they may have restored whatever backdoors were put in place on their systems in the first place. I would say it is unlikely to happen again; they are going be forced to take security seriously now, if they were to get hacked again I am not sure how they could cope with the PR backlash.