UPDATED 21:11 EDT / JULY 27 2020

SECURITY

Garmin restores services following ransomware attack as blame is pointed at Evil Corp

Services at GPS and wearables company Garmin Ltd. are in the process of being restored following a ransomware attack last week, with the blame for the attack pointed at the hacking group Evil Corp.

The attack, confirmed by the company as a “cyberattack that encrypted some of our systems July 23,” is described as causing various services “including website functions, customer support, customer-facing applications and company communications” to be disabled. Garmin claims there’s no indication that any customer data, including payment information, was accessed, lost or stolen.

The company said affected systems are in the process of being restored, promising a return to normal operations over the next few days. Although its website and consumer-facing services appear to have been restored, The Register reported that its aviation services were still lagging.

The significance of Garmin’s services to the aviation sector is huge. “Pilots have expressed that since the event occurred, they’ve been unable to download updates to Garmin’s navigation database onto their Garmin navigational systems,” Curtis Simpson, chief information security officer at “internet of things” security firm Armis Inc., told SiliconANGLE. “The FAA requires that all pilots are running the latest version of the database.”

As a result, he said, “aviation customers that rely on their flight planning services would have also experienced delays as a result of needing to execute slower backup processes designed to manage flight plans in case of system/service failures. Though the risk to human life would have been limited as a result of the airline industry’s well-established disaster recovery plans and backup procedures to ensure that critical services could be maintained, this event would have further impacted an industry that has been very publicly affected by the current pandemic.”

At the time of the attack, WastedLocker, a form of ransomware linked to Evil Corp, was reported to have been used. BleepingComputer reported Friday that, according to its sources at Garmin, this was the case and a $10 million ransom was demanded. Further, the report claimed that the ransomware used a unique customer extension, .garminwasted, on encrypted files, suggesting that the attack on Garmin was targeted.

The only possible good news for Garmin is that Evil Corp is not known to sell company details. “Unlike other actors that have started releasing compromised data online and/or selling such data to the highest bidder on the dark web, Evil Corp has not been taking such actions when affected companies fail to pay ransoms,” Simpson said. “Rather, their targeted approach has involved compromising employee accounts, systematically assessing security capabilities and exposures and then disabling such capabilities where possible, such as disabling malware protection, and exploiting vulnerabilities to deliver and widely propagate the ransomware attack through the environment.”

Photo: Solomon203/Wikimedia Commons
