Forum menu
Is this why I’ve had two rides this week not record/upload properly then?
🤬
As for uploading to strava, the USB ports on my MacBook have committed Harry kari, provide power but don’t do the data thing anymore, and my work laptop is locked down so can’t even use that.
Same here. Google cache from Garmin forums reckons it's the cable - most don't work some do. Somewhat sceptically I tried a few cables until eventually....bingo!
So try a few cables...
Annoying know. I wish the data was all stored locally and the online stuff merely a copy.
It’s affecting flyGarmin too - soon the aviation databases will be out of date and stop aircraft going flying.
Mostly small ones, but still - it’s not all dubious 5k PB claims!
Just seen this on another cycling forum:
Knowing Garmin, it was probably just a new version of their own software that they pushed to their servers.
There is/was a new software update due
Update of what though? My Fenix 6 updated last weekend and from what I can tell updates on that tend to be quarterly...was it Connect getting an update?
I appear to have a real interest in this and I'm not sure it is purely down to the fact I'm wanting to get these new scales set up!
was it Connect getting an update?
No. Despite Garmin's silence on the subject, there's been a steady set of leaks both from their manufacturing in Taiwan, and their HQ in Kansas City (yey for anonymous Reddit!) saying that it's a ransomware attack. Obviously still relatively little information on the scope of the attack - for all we know, they might have turned Connect off to protect it - but the fact that they lost their telephone system too tells me that their problems may well run deep and that it won't be coming back quickly - one doesn't turn off customer services when you're in the middle of the biggest service outage in the company's history!
My guess is that it'll take a few days at best, but after 24 hours they've surely got to make some form of public statement on this today!
It's getting on a bit for Garmin to remain quiet on this. Lot of personal data at risk if this is ransomware.
I appear to have a real interest in this and I’m not sure it is purely down to the fact I’m wanting to get these new scales set up!
I had the scales up and running for a week! really good while they were working. I can still get the readings with GC down, however all that I can do now is make a note of the weight reading and wait until GC comes back up and manually add the weight readings for the dates when GC was down.
Annoyingly its only the weight stats that can be manually added, not all of the other ones.
DLA Piper were the law firm I was thinking of that got hit by a ransomware attack in 2017. Took them 2 or 3 days just to get email back up and running and even then without emails from before the attack pretty much. Took them ages to get any previous documentation and systems operational.
Garmin must have quite a number of systems in the background to support what they do.....if the ransomware hackers got in and looked round for a few days identifying all the end points in the systems and backups etc this could be devastating.
Depending on how long this outage lasts, next time the scales sync they do seem to remember a few past readings - I know when I have had wifi issues previously more than just the latest weight reading uploaded.
I'm assuming as it can't connect, the scales can't be registered so won't do much...so it is a waiting game for me, but looking at all this, I've a few things that rely on the Garmin sync, so those will all be impacted as well for a bit.
Annoying know. I wish the data was all stored locally and the online stuff merely a copy.
Quite. I used to be quite particular in doing exactly this myself, but I got lazy. I think I might go back to my old ways. I've only ever used Garmin as a way to get stuff into Strava.
Security is hard, but given the quality of the software they put out, I'm not surprised to learn that Garmin aren't very good at it.
Having been burnt in the past with devices that need a connected service to work I try to get stuff that will work autonomously, if with slightly degraded functionality sometimes. At least it's pretty easy to get ride data off most Garmin devices without Connect.
A bit of info on the suspected ransomware from Malwarebytes;
WastedLocker is a new ransomware operated by a malware exploitation gang commonly known as the Evil Corp gang.
The attacks performed using WastedLocker are highly targeted at very specific organizations. It is suspected that during a first penetration attempt an assessment of active defenses is made and the next attempt will be specifically designed to circumvent the active security software and other perimeter protection.
The main Garmin site is back up for me (UK & US) and I can get into my account (anything I should be doing to protect my details?)
Is does seem to be Connect/Express specific at the moment.
PJay
Member
The main Garmin site is back up for me (UK & US) and I can get into my account (anything I should be doing to protect my details?)Is does seem to be Connect/Express specific at the moment.
really - im still getting maintanence prompts, both android app and web browser..
edit, not the connect site - just the commercial website. That's likely to be hosted by another comapny and the websales may also go via another non garmin platform, so not surprised in that case
Yup Garmin site is up but not the connect.
anything I should be doing to protect my details?
With any service that's had an issue like this, I'd change the password. Also, worth checking if they have any second-factor security you can enable.
I was going to get one of their new solar watches today, perhaps I'll hold off.
Having discounted Hammerhead over their lies and messing about the initial backers, together with the lack of sound alerts, I'm now looking at the Karoo 2 with interest as a replacement for my aging Edge 810...
If it was a bad attack they probably took everything offline to protect data/servers from further attacks/sync issues with people trying to upload etc.
A company the size of garmin with the web services they provide, they'll more than likely have multiple server regions, which will all be replicated with each other.
And let's not forget that 'the cloud' is just 'another person's computer' - stuff in 'the cloud' is stored in datacentres all over the world, replicated across multiple servers etc.
If it was a bad attack they probably took everything offline to protect data/servers from further attacks/sync issues with people trying to upload etc.
A supposed company email said exactly that they were everything offline due to a supposed attack at one site.
I've seen cryptolocker attacks happen and they spread very quickly, the first thing you do if you catch it early enough is isolate the affected servers to stop the spread. It may have only started on one server but if that one server replicates data across the world, that's bad times.
It won't come back online until they've patched the security hole, restored the lost data back to the last known good data, and verified all other servers/services across the world haven't been affected. You don't want to be putting stuff back online unless the flaw has been patched and everything is back fully - I'd rather it was done properly than rushed. A few days without garmin data is no loss, really.
They'll have decent backups too, it's the small companies which get hit with these attacks that don't. With decent backups, you can be back up and running the same day - that's for a company with a single datacentre though, not something like garmin which will have infrastructure spread all over the world.
If it was a bad attack they probably took everything offline to protect data/servers from further attacks/sync issues with people trying to upload etc.
A company the size of garmin with the web services they provide, they’ll more than likely have multiple server regions, which will all be replicated with each other.
From reading about the organisation that seem likely to be behind this, it's quite possible that they had thoroughly compromised Garmin's infrastructure, possibly for an extended period, prior to them actually killing stuff. If they had multiple regions (I don't think they do though), then expect them, all to have been compromised. If they could get access to the backups, expect the same. Source code repositories? I'm sure they'd be made a priority.
They'll have taken their time and been thorough, in order to take down as many things as possible and make it as hard as possible for them to restore service without paying money. This won't be a random "computer to computer to computer" infection, but a targeted attack with real people running the show...and it'll be much more damaging as a result.
Well into day 2 now, so it seems that they've been successful to some extent...
It's made it to the BBC - https://www.bbc.co.uk/news/technology-53531178
Just out of interest, I understand the 'Ransom' aspect and the need to pay to decrypt the data but is all the data also compromised and accessible to the hackers for farming and selling on (sorry, I'm a bit vague about all this)?
Just out of interest, I understand the ‘Ransom’ aspect and the need to pay to decrypt the data but is all the data also compromised and accessible to the hackers for farming and selling on (sorry, I’m a bit vague about all this)?
Possibly, it's impossible to know at this stage with the limited information we have. It's plausible that their only goal was to extort money in return for the decryption of files. It would be a much simpler objective than to flog all the personal data but who knows at this stage. If you share a password with any other service you should change it.
Just out of interest, I understand the ‘Ransom’ aspect and the need to pay to decrypt the data but is all the data also compromised and accessible to the hackers for farming and selling on (sorry, I’m a bit vague about all this)?
It's a really good question and the answer, I'm afraid, is "maybe, but probably not". These attacks tend to fall into two camps - the first is where the denial of service is the coercing factor (as is probably the case here) and the second is where revealing data to the public is more critical (e.g. a law firm or bank). While there may be some noise that would come of publicising the world's exercise habits, the reality is that few would really care. After all, most rides on Strava are public anyway (assuming you want to appear on segment boards), so a lot of people wouldn't care.
My guess (and it really is just that) is that this is probably the former type of attack and the greater risk is probably that your data will be destroyed rather than released to the public, but this is pretty unprecedented, so noone really knows...
Generally no, the point of a ransomware attack is to encrypt data so the business can't access it and demand payment to un-encrypt the data. The hackers want the company to know they've been done, often they'll place files giving their demands on the servers.
Data breaches are done to gain access to customer data - email addresses, passwords, etc etc so for that purpose the hackers don't want the target business to know they've been able to get access to the data.
Of course, an attack can be both but generally they're one or the other, they have different goals.
Another type of attack is just done to bring a business to its knees and stop it from operating, which could be a ransomware, or DDOS attack, or other, or all of them.
Another type of attack is just done to bring a business to its knees and stop it from operating, which could be a ransomware, or DDOS attack, or other, or all of them.
I was reading about an example of that sort of thing only this morning, coming from Russia a couple of years ago and affecting a huge swathe of people and businesses, including Maersk.
There's another important part of users' data held by Garmin - our home locations. While you can set privacy zones in Strava and other apps, that only affects what everyone else can see, the data from and to your door is still in the files. If I go for a ride with my wife, my activity shows me starting from our door, hers from the edge of her privacy zone and vice versa.
Simple to write a script to extract the first and last minutes of every activity then offer it to local crims with "bikes at this location" type hints.
It's for that reason I never start tracking near my home.
Oh well, if it wasn't for Covid I'd be somewhere in the wilds of Finland and reliant on my Garmin Inreach for weather forecasts and reassuring the folks at home that I was still alive.
or DDOS attack
Oh oh oh oh, this is what my son expertise is in stopping this.
He has explained it in stupid mum & dad language, but we still have no idea 🤷♀️🤷♂️
Oh oh oh oh, this is what my son expertise is in stopping this.
He has explained it in stupid mum & dad language, but we still have no idea
In very basic terms, it's a flood.
Take that sewer pipe/drain (the server) and chuck so much water (network requests) at it that it can't cope, the drain (server) gets overwhelmed and stops working properly.
Same principle, really.
Web servers (like the one we're posting on right now) can handle a certain number of hit/visits/users at any one time. Pump 100/1,000/10,000x that number and what happens? It can't cope and breaks.
DDOS: basically think of it as a digital version of someone organising a crowd shouting at the top of their voices so no-one can hear you speak.
Ooh.
Garmin Connect is no longer giving me 404 errors at sign-in, but instead javascript errors.
( A new Garmin Explore turned up yesterday. I'd quite like to get it talking to my phone so I can send a route to follow).
Just bought my missus a new Garmin too.
Her first, reluctant step in to smart tech and within a week the platform has been hacked.
Might have to keep it quiet for a while and see if she notices.
Her first, reluctant step in to smart tech and within a week the platform has been hacked.
It’s her fault!
Burn the witch!
Brill ‘documentary’ article on Ransomware for the poster child of being sat on your arse and getting back up.
https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Edit: previously posted by soundninja up there. Worth a read though.
Thanks that was a good read.
DDOS: basically think of it as a digital version of someone organising a crowd shouting at the top of their voices so no-one can hear you speak.
Like a thread when certain people start posting.
Bit more info leaking out now and this website seems to have as much info as anyone: https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/
Apparently, they've been asked to pay a $10 million ransom. I'll not put my usb cable away just yet...
I wonder how much is the Kremlins cut.
