
Garmin Hit By Ransomware Attack

Garmin servers are down due to a ransomware attack. The company is currently planning a multi-day maintenance window to deal with the attack's aftermath, which includes shutting down its official website, the Garmin Connect user data-syncing service, Garmin's aviation database services, and even some production lines in Asia.


linbb 9
Something that I find very strange in this era of high tech ways to do things computer related these people cannot be found. Seems it's almost like it's within some part of the industry that is allowing it to happen for some reason.
Roger Anderson 13
Hacks get just as sophisticated every day, but ransomware attacks usually involve some form of social engineering, and that's usually where the weak point comes in - humans.

Example - I send a phishing email to all Garmin staff members with a bogus claim that they have an unauthorized transaction on their Bank of America account and they should click to confirm it. Out of all the staff members, someone must bank with BOA and someone might be careless not to see who the sender of the email really is. As much as they teach you to be aware of phishing scams, someone falls for the trap, clicks the link, which then opens up a possibility of downloading malicious software inside Garmin's internal network.

Now the hackers have tunneled their way in and can do whatever they want because they've made it inside, making it much easier to carry out simpler attacks rather than trying to do so from the outside which has more defenses. The ransomware could then be as basic as encrypting all files on a computer with the request of paying X amt of bitcoins in return for their files (which might be critical to their job etc).
Torsten Hoff 8
An even bigger problem than finding them is prosecuting them. The perpetrators are usually located in countries that will not extradite them, and as long as they don’t attack systems in the country that they are located in, they are free to continue what they are doing.
canuck44 5
You are correct but the solution is to identify and then put a bounty on them. When two or three turn up at room temperature the lure of this scam will be diminished. Understand some of them are in full employ to their host government or members of it and most of them can be shut down economically as well.
If international criminals are hiding in other countries, there should be a bounty on them, "dead or alive", or they should be removed by covert teams and brought back to justice.
djames225 3
These attacks are not usually from single individuals, but an orchestrated network spread across the globe. Finding the main cell leader and eliminating him, just leads to another cell pop up days later.
This particular attack is said to have been the work of Evil Corp. It is Russian based, spread across the globe, and its "leader" was already indicted...but it sprang up again.
sparkie624 3
I agree.. but easier said than done... Besides... in America, we usually do not hire Mercenaries.. At least not in the public's eye!
sparkie624 2
Finding them is easy... Track IP address, and they identify themselves and even tell you where to send the payment... The problem is they are in 3rd world countries and you cannot touch them... They are protected where they are at... Real shame. In reality, I would love to find them and cut their... (Well You Know...) off!
djames225 3
Not that easy, sparkie. Remember watching those TV shows where the signal bounces and cannot be traced?...It actually happens more times than not.
sparkie624 1
The thing here is they tell you where to send the money and a sample file to get the fix and to let you know how much money to send.
lwr 2
"Where to send the money" is usually a Bitcoin wallet. Good luck tracing that.
sparkie624 2
There are people that are nothing more than thieves... Except instead of breaking into houses and cars, robbing banks, they sit at home, hide their identity, and then hack their way into company networks to encrypt their data and force them to pay real money to get their data back... When it happened to me, I refused to pay the ransom and never will.... These people are not common thieves... they are worse. Many times they are where they cannot be prosecuted... best thing you can do to them is ignore them, don't make a big deal with it, and protect against future attacks.
They went down yesterday (Thursday) around noon. I was able to connect to their Connect service through their app, but all of my 5 years worth of data was gone. Then, the app choked, and failed. They have been back to incommunicado since.

This is going to be a huge blow for them. If all user data is gone, it may take them years to get people's trust back. I know I'll be pissed. Many bike trips I've taken are on their service. Who knew that I would have to back up their service to save my data. (I don't think they even HAD a backup option)

This will hurt them...
djames225 4
So Evil Corp. is up to its old tricks again, are they? When are companies going to learn? Do not have a direct means into the server farms via employees' computers. Separate the damn networks.
Ok, whose head is going to roll on this? CEO, IT VP, ??
Tim Hollars 2
Do the hackers have my subscription info? Time to get a new credit card.
They may have a lot more, if you used their tracking features. They know where you live. Where you go. Who you do activities with. What you own for equipment. It's a lot of information that might be marketable to the right people.

Oh, credit card numbers, possibly. All of your linked social media accounts. People that reuse passwords are going to potentially lose all of their accounts, and possibly bank and credit card information too. How much you lose depends on how stupid you are.

NEVER reuse passwords and usernames. Just don't... If you have, change the passwords now!!!
belzybob 3
Ransomware attacks generally focus on encrypting the server data and extorting payment for the password to restore the data, not on stealing the data itself.
Torsten Hoff 1
It is entirely possible. If they have the means to get into the company's IT infrastructure and encrypt the data on their servers, they would also have the ability to exfiltrate the data.

However, if Garmin abides by industry best practices and the data processing standards for the payment industry, the data would already be encrypted by Garmin themselves, and of no immediate use to the hackers.

If Garmin was lax or negligent in how they store and process the data, it may be relatively easy to decrypt, or may never have been encrypted at all.

My recommendation for consumers is to always use one-time use payment card numbers for online transactions that are generated individually each time you request one if your card issuer supports them. That means they are only good for a single transaction (though that can be a recurring transaction, making them acceptable for things like subscriptions), and you can usually set a transaction amount limit.

If that one-time use card number is stolen, it doesn't affect the account number of your physical credit card, it's of no use to the hacker (because all but the first use of the card number will be declined), and the bank can tell exactly where the information was stolen (the site where you entered the information originally).
lynx318 3
So pilots' navigation data is down. If Garmin run their product through the same system as vulnerable social network system, they deserve to lose business. Using only one nav system sorta goes against the aircraft industry standard of redundancies as well.
sparkie624 2
I know what that feels like.... I run public servers as well and got hit with that... The people who do that kind of stuff should really be held accountable... No reason in this kind of thing happening, and the worst thing that you can do is to pay them off... If I said what I really felt should be done with those people, I would be banned from Flight Aware!
Jim Allen 1
With all due respect to Garmin, it’s on them to safeguard their customer data. If I, Joe Schmoe, have a commercial grade firewall at my perimeter and I pay maintenance every year for it, Garmin had better be a damn sight more sophisticated than I am. This is aviation data, dammit.

