Garmin Servers are Still Down (July 27, 2020)

 

Garmin has reportedly been hit by a ransomware attack.

Get Current Garmin Servers Information Here:
https://connect.garmin.com/status/

RadioTimes has a good article about the ransomware attack:
https://www.radiotimes.com/technology/2020-07-24/gamin-serve...

Looks like a complete mess

Feel bad for these companies hit by Ransomware

It is not a good sign for

It is not a good sign for a company like Garmin to be down for so long..

--
Iphone XR, Drivesmart 61,Nuvicam, Nuvi3597

Some “Connect” services have been restored

--
John from PA

Garmin servers are still down

Garmin Express seems to be working now.

--
The Home of BLUMARU HOUNDS

We see slow Garmin connect function

My wife and I both have Vivosmart exercise watches. Generally, we start Garmin Connect on a tablet every day or two to observe the results. While there are still orange messages today saying that everything is not perfect, the available function today is much more than for the past few.

Also, I wondered whether they might have lost all of our past history. That appears not to be the case.

None of which says anything directly about automotive GPS-related services, but I consider it encouraging.

--
personal GPS user since 1992

Garmin Express works for me.

Garmin Express works for me.

Still waiting

"We are happy to report that Garmin Connect recovery is underway. We'd like to thank you for your understanding and patience as we restore normal operations."

Message on Garmin Connect app.

Backups

Backups. Backups. Backups.

You need 'em. Multiple backups going back in time to give you the best chance of recovering from a ransomware attack.

--
"141 could draw faster than he, but Irving was looking for 143..."

Garmin Express is working now.

Garmin Express seems to have been working since yesterday. I was able to update via WiFi as well.

--
Garmin DriveSmart 55 with Traffic

Yep

Yep, GE is again reporting that I have a map update for my 660. It does this every time I update it using MapInstall.

--
Metricman Nuvi 660, GTM-20 Traffic Receiver Nuvi 3597 GTM-60 Traffic Receiver Williamsburg, VA

Smartlink and Garmin USA app are working again

Just tried both right now.

--
Nuvi 760 Nuvi 2598 LMT Nuvi 3597 LMT Garmin Streetpilot Onboard for iPhone

Backup, backup, backup!

I'm retired from the IT industry, but Job 1 for every business is to have a complete backup of all their programs and data and an offsite copy just in case. Mission critical data must be backed up daily at a minimum.

For those who don't understand how this could happen, here's one possible scenario: Bad guy obtains the email address for an employee. Bad guy sends employee an email spoofing the employee's boss's address and saying I need you to look at this spreadsheet and give me your input on XYZ asap. Employee email addresses and company brass is usually easy to obtain. Without question, employee dutifully clicks on the attached spreadsheet which wasn't one, but rather a ransomware load that immediately encrypted the drive on the workstation the employee was using and since all the workstations and servers in the company are on an internal network, the ransomware searched out all connected drives and encrypted them. Bad guy demands $$$ by a certain time in order to obtain the encryption key to unlock all the affected drives. There's no guarantee that bad guy will keep his word once he has the cash, after all, he isn't a good guy. The only reason this works is the potential for bad guy to get paid.

Some businesses aren't well equipped to recover from this type of attack, but more are doing better things now that they understand how to prevent or at least how to recover from this type of thing. Step one is eradicate any vestige of the ransomware that could possibly be lurking in an encrypted drive on the network. This generally entails wiping each drive and then restoring from the clean backups that weren't attached to the network and then reattach them to the now cleansed network. This takes time and some systems may be sequence sensitive. A well designed recovery plan takes all this into consideration and should have been tested on a mock failure scenario. In some that I was involved with, this recovery could take from a day to a week or more.

In some cases, bits and pieces come back online until all are up and running. This may be what we are seeing with Garmin.

--
"There's no substitute for local knowledge" nüvi 750, nüvi 3597

Backup is right!

In my business we've always said, "We're only as good as our latest backup".

I went to a Message Queueing class one time where the teacher made sure we knew he was a PHD. "You can call me DOCTOR So & So!", he said proudly. Well, he proceeded to tell a classroom full of experienced Systems Programmers that "with the new MQ systems, backups are no longer needed". We stared in disbelief, then laughed and told him he was just an academic!

And he took offense to that statement. LOL

No backups or images?

You are just waiting for a disaster to strike. I back up to multiple drives and also image my main drive with 2 different imaging programs. The images saved my bacon one day after a power outage took out my SSD.

--
Nuvi 2460LMT.

Sarbanes-Oxley IT Controls

As a fellow retired IT professional, I can't help but think there are some Sarbanes-Oxley IT server controls provisions that may need to be investigated.

I would not want to be Garmin's CIO right now!

Maybe you are the one “waiting for a disaster to strike”

pwohlrab wrote:

You are just waiting for a disaster to strike. I back up to multiple drives and also image my main drive with 2 different imaging programs. The images saved my bacon one day after a power outage took out my SSD.

You are aware they still make uninterruptible power supplies?

--
John from PA

As per news Garmin had to

As per news Garmin had to pay $10 million ransom to get the decryption key from hackers.

--
Iphone XR, Drivesmart 61,Nuvicam, Nuvi3597

So they didn't have any reliable backups. Wow.

rookie8155 wrote:

As per news Garmin had to pay $10 million ransom to get the decryption key from hackers.

--
Nuvi 2460LMT.

ransomware attack

scary

Ransomware

My wife got hit with that once. I wiped her computer and put it back from scratch. She lost some stuff but most was backed up. When she was working her company was hit with ransomware but had off site backups so they were back up and running in a day.

The same company got wiped out in the Camp Fire. He had offsite backup - they pulled the main drive every night and swapped it out - but both the office and the home where the backup was located burned completely. It took some doing to get up and running again but now there is no central workplace. Everything is "off site" since there is no main site.

--
GPSMAP 76CSx - nüvi 760 - nüvi 200 - GPSMAP 78S

More info on the attack on Garmin

Here's a story with more detail about Garmin paying:
https://www.gizmodo.co.uk/2020/08/garmin-reportedly-coughed-...
They may have had insurance coverage for part or all of their $10 million payment, but they may also have a fight over successfully claiming that if they did. Insurance companies are much happier about collecting premiums than they are about paying out large sums of money.

Most experts recommend not paying ransomware. Here's why:
https://www.bankinfosecurity.com/blogs/ransomware-reminder-p...
The article does say that per one survey, 99% of the companies that did pay ransomware were able to get successfully decrypted after paying. I thought the success rate was much lower than that. That is one thing that can go wrong when you pay: you still don't get your data back.

A lot of companies and institutions do get hit each year, but you don't hear about it.

--
"141 could draw faster than he, but Irving was looking for 143..."

Multiple Backups

I can not understand why any company would not have multiple backups onsite and offsite. It just shows the total incompetence of the Garmin technical staff. As per a previous post all of the servers should be taken offline, the hard drives wiped clean, repartitioned and all OS software reinstalled. Then do a reinstall from the backups. It should not take more than 24 hours. They should have backups at the minimum of 1 week, 2 weeks, 1 month, 3 months, 6 months and 1 year. Their technical support staff need to be fired if they can not comprehend these basic concepts.

Home users need to backup their files to a minimum of 2 other devices. I learned this the hard way when I had to recreate some tax forms because my backup hard drive failed.

Backups not always yielding protection...

garmin-nuvi-user wrote:

I can not understand why any company would not have multiple backups onsite and offsite. It just shows the total incompetence of the Garmin technical staff. As per a previous post all of the servers should be taken offline, the hard drives wiped clean, repartitioned and all OS software reinstalled. Then do a reinstall from the backups. It should not take more than 24 hours. They should have backups at the minimum of 1 week, 2 weeks, 1 month, 3 months, 6 months and 1 year. Their technical support staff need to be fired if they can not comprehend these basic concepts.

Home users need to backup their files to a minimum of 2 other devices. I learned this the hard way when I had to recreate some tax forms because my backup hard drive failed.

Hackers that generate ransomware that goes after large company databases are sophisticated enough these days to also detect and go after backups. Quoting from a security service:

Quote:

Ransomware will now delete any backups it happens to come across along the way, Kujawa says. For example, a common tactic for ransomware is to delete automatic copies of files that Windows creates. "So if you go to system restore, you can't revert back," he said. "We've also seen them reach out to shared network drives."

Two recent examples of ransomware that has backups in its sights are SamSam and Ryuk. In November, the US Department of Justice indicted two Iranians for using the SamSam malware to extort more than $30 million from over 200 victims, including hospitals. Attackers maximized the damage, by launching attacks outside regular business hours and "by encrypting backups of the victims’ computers," said the indictment.

About the only positive way to ensure a backup doesn’t get compromised is to physically make the backup and then disconnect it from the main servers. As you can well imagine, this actually can be handled through a software/hardware device.

--
John from PA
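
The backup advice in this thread (daily backups, generations at 1 week through 1 year, onsite and offsite copies, and a copy disconnected from the network) can be checked mechanically against a backup catalogue. The following is an added example, not code from any poster or from Garmin; the catalogue format, the function name `audit_backups`, and the 25% age tolerance per generation are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Generations named in the "Multiple Backups" post, as target ages in days.
TIERS = {"1 week": 7, "2 weeks": 14, "1 month": 30,
         "3 months": 90, "6 months": 180, "1 year": 365}

def audit_backups(backups, now, slack=0.25):
    """Check a backup catalogue against the thread's advice.

    backups: list of dicts with 'taken' (datetime), 'site' (str) and
    'offline' (bool, True if the media is disconnected from the network).
    slack: assumed tolerance around each generation's target age.
    Returns a list of findings; an empty list means every check passed.
    """
    if not backups:
        return ["no backups at all"]
    findings = []
    # Daily backup at a minimum.
    newest = max(b["taken"] for b in backups)
    if now - newest > timedelta(days=1):
        findings.append("newest backup is older than one day")
    # One restore point near each generation, with a disconnected copy,
    # since ransomware can reach anything still attached to the network.
    for name, days in TIERS.items():
        lo = timedelta(days=days * (1 - slack))
        hi = timedelta(days=days * (1 + slack))
        tier = [b for b in backups if lo <= now - b["taken"] <= hi]
        if not tier:
            findings.append(f"no restore point near {name}")
        elif not any(b["offline"] for b in tier):
            findings.append(f"{name}: no disconnected copy")
    # Onsite and offsite: copies must not all share one location.
    if len({b["site"] for b in backups}) < 2:
        findings.append("all copies are at one site")
    return findings

# Constructed sample catalogue (not real data).
NOW = datetime(2020, 8, 10)
SAMPLE = [
    {"taken": NOW - timedelta(hours=6), "site": "office", "offline": False},
    {"taken": NOW - timedelta(days=7), "site": "office", "offline": False},
    {"taken": NOW - timedelta(days=14), "site": "vault", "offline": True},
    {"taken": NOW - timedelta(days=31), "site": "vault", "offline": True},
    {"taken": NOW - timedelta(days=92), "site": "vault", "offline": True},
    {"taken": NOW - timedelta(days=360), "site": "vault", "offline": True},
]

if __name__ == "__main__":
    for finding in audit_backups(SAMPLE, NOW):
        print(finding)
```

On the sample catalogue the audit flags the one-week generation, which exists only on a network-attached drive, and the missing six-month generation.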