Get extra lift from AOPA. Start your free trial today! Click here

Hackers toppled Garmin networks

Company recovering from four-day outage

Editor's note: This story was updated July 27 after Garmin restored online aviation services and issued a statement.

A cyberattack on July 23 knocked Garmin offline, disabling the company's online products and customer support. The company reported July 27 that most functions had been restored. 

Garmin Pilot app users were unable to file flight plans during a multiday computer disruption that began July 23, but functionality was restored July 27. Photo courtesy of Garmin.

Garmin spokesperson Jessica Koss, reached via cellphone early on July 27, said the company was still working to resolve a computer problem that disabled many Garmin products, including the flyGarmin web portal that supports the Garmin Pilot electronic flight bag app. Hours later, most of Garmin's online problems had been resolved, though a flyGarmin system status message indicated that customer support staff remained unreachable by email and chat, with limited capacity for telephone support. 

Garmin, after days of relative silence (much of it forced), began to explain what happened in a statement posted online attributing the problem to "a cyber attack that encrypted some of our systems." The company did not use the word "ransom," and Koss declined to specify the type of "attack" Garmin had sustained, but malicious software attached to emails that works invisibly to encrypt the files on the targeted computer, followed by a demand for ransom to unlock those files, is a criminal tactic known as "ransomware" and all too familiar to cybersecurity experts.

Garmin said there is no reason to believe that customer data was compromised:

"We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services," the company said. 

While users of Garmin aviation products were certainly inconvenienced by the loss of internet connectivity and functions that depend on that, such as electronic flight plan filing, the timing could have been worse: Electronic navigation charts and instrument procedures were last updated on July 16, and the next update of the downloaded data is scheduled for August 13. Koss said the next aeronautical navigation database update will be available for download by FliteCharts subscribers on August 11.

Garmin Connect users were also affected by the multiday computer outage. Image by David Tulis.

The Associated Press reported July 24 that the disruption affected Garmin Connect, the company’s fitness tracking service, as well. Koss cautioned that some published reports contained inaccurate information, and Garmin GPS navigation systems and other avionics were not actually affected by the outage, though features and functions that require an internet connection were disrupted. The company’s email system was back online July 27; its telephone and other communications systems had also been offline for days, limiting Garmin’s ability to communicate with customers and the media.

An alert message displayed on Garmin’s website during the outage linked to a page that notes Garmin’s satellite communications products were not affected: “inReach SOS and messaging remain fully functional and are not impacted by the outage. This includes the MapShare website and email reply page.”

Multiple media outlets reported, based on information from unnamed sources, that Garmin was the target of a ransomware attack by hackers using a cyber weapon known as WastedLocker.

Garmin declined to immediately confirm the nature of the problem, and did not say whether the company had paid a ransom or overcome the attack in other ways. If published reports prove accurate regarding the nature of the attack and identity of the perpetrators, it may help explain why a giant multinational company struggled for days to restore communications and online services. By some accounts, the alleged ringleader of a Russian hacking operation reported to be behind the attack is wanted by the FBI and has been sanctioned by the U.S. government, which means that paying any ransom would violate federal law.

"We expect to return to normal operation over the next few days," Garmin said July 27. "We do not expect any material impact to our operations or financial results because of this outage."

Garmin is scheduled to report its quarterly earnings on July 29.

“As our affected systems are restored, we expect some delays as the backlog of information is being processed," Garmin concluded. "We are grateful for our customers' patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition.”

Jim Moore

Jim Moore

Managing Editor-Digital Media
Digital Media Managing Editor Jim Moore joined AOPA in 2011 and is an instrument-rated private pilot, as well as a certificated remote pilot, who enjoys competition aerobatics and flying drones.
Topics: Aircraft Modifications, Portable GPS, Apps

Related Articles