Aviation Database Struck By Unknown Ransomware Gang

A ransomware attack against Garmin affected pilots that rely on the company’s support for aviation navigational equipment.

Smartwatch maker and data-syncing service provider, Garmin, was the subject of a ransomware attack that took down several of its services on July 23, which managed to encrypt its internal network.

According to a series of tweets published by the company, the Garmin Connect website and mobile app were affected by the hackers, plus the call centers and every customer support resources like replying emails, online chats, and handling calls.

However, the nature of the attack was unveiled by ZDNet, who also stated that the cybercriminals also targeted flyGarmin, the company’s service that supports its line of aviation navigational equipment.

Pilots affected by the ransomware

The Garmin Pilot app also was offline during the entire day, affecting several pilots that rely on the software to schedule and plan flights.

As of press time, Garmin’s website is working, but they’ve placed the following message: 

“We are currently experiencing an outage that affects Garmin.com and Garmin Connect. This outage also affects our call centers, and we are currently unable to receive any calls, emails or online chats. We are working to resolve this issue as quickly as possible and apologize for this inconvenience.”

Speculation keeps rising about the severity of the incident

Speaking with Cointelegraph, Chris Clements, vice president of solutions architecture at cybersecurity firm Cerberus Sentinel, commented on the ransomware incident:

“The security incident at Garmin highlights the need for organizations to implement a well thought out and formalized Incident Response plan with a preselected response team for key tasks like recovery, root cause analysis, and public communications. With no details forthcoming from official Garmin spokespeople, employees have been tweeting out information that may or may not be accurate and leading to wild speculation as to the extent and severity of the situation.”

Cointelegraph reported on July 22 about the ransomware attack against the University of York from an unnamed gang, which took place in May. Vulnerabilities from their third-party service provider led to the data breach.

Telecom, Argentina’s largest telecommunications company, has fallen victim to a ransomware attack in July 187. At that time, hackers demanded $7.5 million in Monero (XMR).