Garmin utsatt for ransomware angrep - The Aviationist / AVweb

Garmin Aviation App And Services Down in Ransomware Attack

July 25, 2020 Tom Demerly Information Security, Military Aviation

The Garmin outages could affect some military flight operations since many pilots rely on Garmin flight instruments and even wristtop computers as backups in an emergency (Photo: TheAviationist/Tom Demerly)

Garmin makes also aviator watches worn by combat pilots to augment Situational Awareness in Emergencies.

The FlyGarmin app for pilots using Garmin GPS based instruments and navigation equipment experienced an outage beginning on Jul. 23, 2020, evening, Eastern Daylight Savings Time in the United States. Some sections of the website appear to have been restored after what some media outlets are calling a “ransomware attack”.

A ransomware is a type of malware that encrypts a database or system and threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.

The outages for Garmin websites first became visible when the GarminConnect.com fitness tracking website began showing a screen to subscribers that said the site was down for maintenance. The site has since displayed a page that says, “We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.” The outage still affects Garmin Pilot too.

According to a report that has appeared on ZDNet on Jul. 23, “pilots haven’t been able to download a version of Garmin’s aviation database on their Garmin airplane navigational systems. Pilots need to run an up-to-date version of this database on their navigation devices as an FAA requirement. Furthermore, the Garmin Pilot app, which they use to schedule and plan flights, was also down today, causing additional headaches.”

Generally speaking, Garmin navigation watches have maps loaded into them and receive positional data as long as they have a three-satellite fix with the GPS constellation. The watch still works. For instance, this Author just used a Tacitx Bravo and a cyclocomputer a moment ago on a 19 mile bike ride. The computer displays my accurate ride data, I just can’t upload to Garmin Connect right now.

Legg til bildetekst

Garmin websites have shown error messages since Thursday evening. (Image credit: Screen capture via GarminConnect)

Garmin aviation and navigation watches, from onboard computers to wristtop computers sold around the world, are used by military pilots in the U.S., Russia and many other countries and even by U.S. U-2 surveillance pilots. On March 13, 2020 GPSWorld.com reported that, “The U.S. Air Force is expected to take delivery of more than 100 D2 Charlie aviator watches for the specialized pilot group that flies the Lockheed U-2 aircraft.”

In February, 2018, a U.S. Navy flight crew over the northeastern U.S. was able to navigate and land their EA-18G Growler using a Garmin wristtop computer: the aircraft suffered a catastrophic failure of its environmental control system at 25,000 feet. It was en route from Naval Air Station Whidbey Island to Naval Weapons Station China Lake when the failure occurred. Within minutes, the temperature in the cockpit dropped to well below zero degrees Fahrenheit. Condensation formed, then froze in a thick layer inside the cockpit, obscuring the two-person crew’s view outside of the aircraft. The ice build-up quickly covered vital flight control instruments, making instrument flying nearly impossible as the crew began to suffer the first symptoms of hypothermia. But in the end, the pilot and electronic warfare officer used a Garmin watch to keep track of their heading and altitude while air controllers began relaying instructions to the crew.

Beginning in 2017 the Navy started issuing Garmin GPS smart watches to pilots of the F/A-18 Hornet, E/A-18G Growler and T-45 Goshawk. The first round of watches issued was the Garmin Fenix 3, a watch originally intended for endurance athletes like triathletes, off-road cyclists, adventure racers and distance runners. Since aviators began using Garmin “wrist top computer” GPS-equipped smart watches, the company has introduced several new, aviation specific watches called the Garmin D2 Bravo Pilot, the D2 Charlie, D2 Delta PX and flagship Garmin MARQ series, which includes the MARQ Commander and Aviator, models that actually “Check with Pulse Ox³ to gain awareness of how well your body’s oxygen levels are adjusting to the thinner air at higher altitudes.”

Garmin Web-Based Utilities Down After Suspected Attack (Updated)

Larry Anglisano

July 24, 2020

1

Forbes is reporting Garmin has been told by ransomware hackers to pay $10 million to restore the accounts of millions of users worldwide who have been without cloud-based services since Friday. Quoting BleepingComputer, Forbes says Garmin’s systems were taken down by the WastedLocker ransomware and it cut quite a swath through the company’s extensive list of cloud accounts. An email request for comment sent by AVweb late Sunday has not been returned.Pilots who use Garmin’s web-based planning tools, including flyGarmin and FltPlan.com, as well as syncing functions inside the Garmin Pilot app, have been severely affected by a massive outage that began on July 23, 2020. Many of Garmin’s key “cloud” systems were down most of Thursday, but by Friday morning (July 24), several of the company’s Connext services had been restored, including phone and SMS features sent via Iridium satellite devices. Some flight plan filing features and account syncing via Garmin Pilot were still down.

On Friday, Garmin told AVweb that as they work to restore the data, users will likely still experience degraded performance in flight planning and even with database concierge utilities, and it’s likely that various services will come back and others go offline as the company acts to restore service and implement data-recovery procedures.

The outage also affected Garmin’s call centers, and the company was unable to receive phone calls, emails and chats on Friday. Web-based forums were also down. The company said Friday that that users will experience an outage that affects flyGarmin and its website, plus Garmin Pilot. The Pilot app can still be used in flight.

Aviation users aren’t alone—the outage also affects the Connect utility used by Garmin fitness devices. This hinders syncing the device with the Connect app. Garmin subscribers can sign up for email and/or SMS notifications to be alerted when the services come back online.

WastedLocker is a relatively new type of ransomware run by a malware exploitation gang called Evil Corp. It is believed to be based in Russia according to Malwarebytes Labs. The ransomware works differently from others and can be tailored specifically to the security set up at an individual target, usually large companies in the U.S. and a few in Europe. The malware encrypts each file and uses the name of that file to log a ransom note in the system. Like all malware, it gets into a system through a bogus alert or request that someone with credentials mistakes for a legitimate issue, typing in his or her login. After that, the infiltration is virtually unstoppable and can even affect cloud backups of data.