Garmin confirms ransomware attack, keeps quiet on possible Evil Corp. involvement

Finally, Garmin customers who have put off their exercise routine because of outages on the website and mobile app can lace up their running shoes again.

Garmin said in a statement Monday that it has started restoring services following a ransomware attack that locked “some” systems on July 23. While the company says it has no indication that scammers accessed customer data, the attack did interrupt website functionality, customer support services, user apps and corporate communications, according to the statement.

“Affected systems are being restored and we expect to return to normal operation over the next few days,” Garmin said. “We do not expect any material impact to our operations or financial results because of this outage.”

The official update confirms prior reporting that hackers had infiltrated Garmin’s systems and demanded an extortion fee to allow the company to resume activity as normal.

Garmin previously said its mobile app was experiencing downtime and that it was unable to receive calls or internet chats, while its app broadcast a message that the company was down for “planned” maintenance. The sudden outage resulted in users being unable to log their workouts, track caloric intake and measure their athletic performance.

Shares in Garmin dropped by nearly $3 apiece following the breach, though the stock appears to have mostly recovered by press time.

Subsequent reporting from TechCrunch and other media outlets revealed that the incident was caused by WastedLocker, a ransomware strain tied to Evil Corp., a group of suspected Russian hackers. The U.S. Department of Treasury previously sanctioned alleged Evil Corp. members in connection with more than $100 million in theft.

Garmin said only that it was victimized in an attack “that encrypted some of our systems.” The company did not attribute the breach to Evil Corp., or mention the WastedLocker malware.