Garmin has reportedly been hit by a ransomware attack.
Get Current Garmin Servers Information Here:
RadioTimes has a good article about the ransomware attack:
Feel bad for these companies hit by Ransomware
It is not a good sign for a company like Garmin to be down for so long.
Some services are returning...see https://www.zdnet.com/article/garmin-begins-to-restore-garmi...
Garmin Express seems to be working now.
My wife and I both have Vivosmart exercise watches. Generally, we start Garmin Connect on a tablet every day or two to observe the results. While there are still orange messages today saying that everything is not perfect, the available function today is much more than for the past few.
Also, I wondered whether they might have lost all of our past history. That appears not to be the case.
None of which says anything directly about automotive GPS-related services, but I consider it encouraging.
Garmin Express works for me.
"We are happy to report that Garmin Connect recovery is underway. We'd like to thank you for your understanding and patience as we restore normal operations."
Message on Garmin Connect app.
Backups. Backups. Backups.
You need 'em. Multiple backups going back in time to give you the best chance of recovering from a ransomware attack.
Garmin Express seems to have been working since yesterday. I was able to update via WiFi as well.
Yep, GE is again reporting that I have a map update for my 660. It does this every time I update it using MapInstall.
Just tried both right now.
I'm retired from the IT industry, but Job 1 for every business is to have a complete backup of all their programs and data and an offsite copy just in case. Mission critical data must be backed up daily at a minimum.
For those who don't understand how this could happen, here's one possible scenario: Bad guy obtains the email address for an employee. Bad guy sends employee an email spoofing the employee's boss's address and saying I need you to look at this spreadsheet and give me your input on XYZ asap. Employee email addresses and company brass are usually easy to obtain. Without question, employee dutifully clicks on the attached spreadsheet which wasn't one, but rather a ransomware load that immediately encrypted the drive on the workstation the employee was using and since all the workstations and servers in the company are on an internal network, the ransomware searched out all connected drives and encrypted them. Bad guy demands $$$ by a certain time in order to obtain the encryption key to unlock all the affected drives. There's no guarantee that bad guy will keep his word once he has the cash, after all, he isn't a good guy. The only reason this works is the potential for bad guy to get paid.
Some businesses aren't well equipped to recover from this type of attack, but more are doing better things now that they understand how to prevent or at least how to recover from this type of thing. Step one is eradicate any vestige of the ransomware that could possibly be lurking in an encrypted drive on the network. This generally entails wiping each drive and then restoring from the clean backups that weren't attached to the network and then reattach them to the now cleansed network. This takes time and some systems may be sequence sensitive. A well-designed recovery plan takes all this into consideration and should have been tested on a mock failure scenario. In some that I was involved with, this recovery could take from a day to a week or more.
In some cases, bits and pieces come back online until all are up and running. This may be what we are seeing with Garmin.
In my business we've always said, "We're only as good as our latest backup".
I went to a Message Queueing class one time where the teacher made sure we knew he was a PhD. "You can call me DOCTOR So & So!", he said proudly. Well, he proceeded to tell a classroom full of experienced Systems Programmers that "with the new MQ systems, backups are no longer needed". We stared in disbelief, then laughed and told him he was just an academic!
And he took offense to that statement. LOL
You are just waiting for a disaster to strike. I back up to multiple drives and also image my main drive with 2 different imaging programs. The images saved my bacon one day after a power outage took out my SSD.
As a fellow retired IT professional, I can't help but think there are some Sarbanes-Oxley IT server controls provisions that may need to be investigated.
I would not want to be Garmin's CIO right now!
You are aware they still make uninterruptible power supplies?
As per the news, Garmin had to pay a $10 million ransom to get the decryption key from hackers.
My wife got hit with that once. I wiped her computer and put it back from scratch. She lost some stuff but most was backed up. When she was working her company was hit with ransomware but had off site backups so they were back up and running in a day.
The same company got wiped out in the Camp Fire. He had offsite backup - they pulled the main drive every night and swapped it out - but both the office and the home where the backup was located burned completely. It took some doing to get up and running again but now there is no central workplace. Everything is "off site" since there is no main site.
Here's a story with more detail about Garmin paying:
They may have had insurance coverage for part or all of their $10 million payment, but they may also have a fight over successfully claiming that if they did. Insurance companies are much happier about collecting premiums than they are about paying out large sums of money.
Most experts recommend not paying ransomware. Here's why:
The article does say that per one survey, 99% of the companies that did pay ransomware were able to get successfully decrypted after paying. I thought the success rate was much lower than that. That is one thing that can go wrong when you pay: you still don't get your data back.
A lot of companies and institutions do get hit each year, but you don't hear about it.
I can not understand why any company would not have multiple backups onsite and offsite. It just shows the total incompetence of the Garmin technical staff. As per a previous post all of the servers should be taken offline, the hard drives wiped clean, repartitioned and all OS software reinstalled. Then do a reinstall from the backups. It should not take more than 24 hours. They should have backups at the minimum of 1 week, 2 weeks, 1 month, 3 months, 6 months and 1 year. Their technical support staff need to be fired if they can not comprehend these basic concepts.
Home users need to back up their files to a minimum of 2 other devices. I learned this the hard way when I had to recreate some tax forms because my backup hard drive failed.
Hackers that generate ransomware that goes after large company databases are sophisticated enough these days to also detect and go after backups. Quoting from a security service:
Ransomware will now delete any backups it happens to come across along the way, Kujawa says. For example, a common tactic for ransomware is to delete automatic copies of files that Windows creates. "So if you go to system restore, you can't revert back," he said. "We've also seen them reach out to shared network drives."
Two recent examples of ransomware that has backups in its sights are SamSam and Ryuk. In November, the US Department of Justice indicted two Iranians for using the SamSam malware to extort more than $30 million from over 200 victims, including hospitals. Attackers maximized the damage, by launching attacks outside regular business hours and "by encrypting backups of the victims’ computers," said the indictment.
About the only positive way to ensure a backup doesn’t get compromised is to physically make the backup and then disconnect it from the main servers. As you can well imagine, this actually can be handled through a software/hardware device.
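An added example, not part of any post in this thread: a small audit that checks a backup catalog against the retention ages one poster lists (1 week, 2 weeks, 1 month, 3 months, 6 months, 1 year) and counts a tier as covered only if a disconnected copy exists in it, as the last post recommends. The catalog field names, the sample dates and the reading of each tier as an age bracket are assumptions made for illustration.

```python
from datetime import date

# Retention tiers named in the thread, as maximum age in days (a month taken as 30 days).
TIERS = [("1 week", 7), ("2 weeks", 14), ("1 month", 30),
         ("3 months", 90), ("6 months", 180), ("1 year", 365)]

# Constructed sample catalog; "taken" and "offline" are hypothetical field names.
# offline=True means the copy is physically disconnected from the network.
CATALOG = [
    {"taken": date(2020, 7, 30), "offline": False},
    {"taken": date(2020, 7, 26), "offline": True},
    {"taken": date(2020, 7, 20), "offline": False},
    {"taken": date(2020, 7, 5), "offline": True},
    {"taken": date(2020, 5, 15), "offline": True},
    {"taken": date(2019, 9, 1), "offline": False},
]

def audit(catalog, today):
    """Return {tier: 'ok' | 'online-only' | 'missing'} for each retention tier."""
    report = {}
    lower = -1  # so a backup taken today (age 0) falls in the first bracket
    for name, upper in TIERS:
        in_bracket = [b for b in catalog
                      if lower < (today - b["taken"]).days <= upper]
        if not in_bracket:
            report[name] = "missing"        # no restore point of this age at all
        elif any(b["offline"] for b in in_bracket):
            report[name] = "ok"             # at least one disconnected copy
        else:
            report[name] = "online-only"    # reachable copies only: ransomware can encrypt them
        lower = upper
    return report

def gaps(catalog, today):
    """Only the tiers that would not survive an attack that reaches networked storage."""
    return {t: s for t, s in audit(catalog, today).items() if s != "ok"}

if __name__ == "__main__":
    for tier, status in audit(CATALOG, date(2020, 8, 1)).items():
        print(f"{tier:9} {status}")
```
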