Garmin services restored after multi-day cyber attack: Details and next steps

Garmin Forerunner 245
Garmin Forerunner 245 (Image credit: Andrew Martonik / Android Central)

Update, July 27 (1:30 pm ET): Garmin confirms reports of a cyber attack as it promises a slow return to normalcy.

Update, July 27 (10:30 am ET): Garmin's services are slowly being restored after days spent offline.

Update, July 25, (9 am ET): According to reports, Garmin has been impacted by a widely-circulated WastedLocker ransomware attack that's encrypted the company's servers worldwide.

Update, July 23 (2:50 pm ET): The outage has been linked to a ransomware attack and is expected to continue for multiple days.

What you need to know

  • Garmin Connect has been suffering a multi-day outage, affecting all services.
  • This includes the Garmin Connect app, website, and customer support channels.
  • It has since been revealed that the outage is caused by a ransomware attack.

If you're having trouble syncing your phone with your Garmin smartwatch, it's not your fault. Garmin Connect has been suffering an outage that has stretched on for multiple days, starting at around 11:30 p.m. ET on July 22 according to reports on Twitter.

How to get your data off of your Garmin watch

At first, the company tried to brush it as a maintenance issue that was being quickly addressed. As the hours stretched on, it eventually admitted it was suffering an outage that affected almost every consumer-facing area, including its app, site, and even customer support centers.

See more

It was later revealed by third parties that Garmin was affected by a ransomware attack, which makes far more sense considering the multi-day outage and minimal information provided by Garmin. Ransomware infects computer systems inside a company, encrypting the data and holding it hostage for compensation to the attackers.

After two days of its business being completely shut down, Garmin updated its website (opens in new tab) with a full description of the service outages. It also included a quick FAQ with more information on what can be expected during the ongoing outage. It says there is "no indication" customer activity or payment data has been compromised, and that when services return, watches will upload anything tracked locally during the outage. Thankfully, the "inReach" emergency services and messaging features of Garmin watches continue to work normally.

Everything is shut down, and there's still no hint of a timeline for a return.

Interestingly, having Garmin's backend service disrupted means that not only can you not use its cloud services, you can't even sync your watch locally to the app. The outage is also keeping its forums and customer service offline; though we now know neither one is of much use because there is no fix for end-users — we just have to wait for Garmin to figure things out.

If you have activities on your Garmin watch that haven't yet been synced and you'd like to get them uploaded to another service, like Strava or Endomondo, you can do so manually using your computer.

Just plug your Garmin watch into your computer, and navigate to it as if it were a drive or SD card. (If you're on a Mac, you'll need to use the Android File Transfer tool — yes, really — to browse the files.) Look for the "Activity" folder, scroll to the bottom and find the latest ".fit" files, and drag the files you want over to your computer. Services like Strava will happily upload a .fit file and generate a complete activity identical to what you'd see if Garmin uploaded it through the app.

Update, July 27 (1:30 pm ET) — Garmin has confirmed that it fell victim to a cyber attack as it offers apologies to customers.

Garmin today announced that it had been the victim of a cyber attack, forcing the multi-day outage it had suffered over the weekend. The company thanked customers for their patience but noted that it would take a while before all systems were fully restored. "We have no indication that any customer data, including payment information from Garmin Pay™, was accessed, lost, or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services," Garmin said. Users had already reported limited access to services earlier in the day.

Update, July 27 (10:30 am ET) — Garmin's services are slowly coming back online after a multi-day outage.

After days spent offline, Garmin's services are now slowly coming back offline. Going off the company's online status indicator (opens in new tab), dashboard, activity details and uploads, device registration, and a few other features are fully functional. Strava and third party sync among others remain limited for the near future with delays expected.

Update, July 25 (9 am ET) — Garmin's servers have been infected with WastedLocker ransomware. There's no word on when service will resume.

Ransom Note

Source: BleepingComputer (Image credit: Source: BleepingComputer)

Security research site, BleepingComputer, reports that Garmin's servers have been infected with the widely-used WastedLocker ransomware, encrypting all the files on computers connected to the company's network -- even remote PCs connected through VPN.

Sources close to BleepingComputer say that the thieves are asking for a $10 million USD ransom to unencrypt the files on every PC using a custom key.

Update, June 23 (2:50 pm ET) — The outage and downtime have been attributed to a ransomware attack

ZDNet reports that the outage is due to a ransomware attack. According to ITHome, Garmin expects services to remain down possibly through July 25th while it works to resolve the issue and secure user data.

Andrew was an Executive Editor, U.S. at Android Central between 2012 and 2020.

4 Comments
  • Not a good look for Garmin. Today's run will have to wait until it sync's over. Nevermind, it's Friday tomorrow!
  • Time for them to wipe and rebuild. It would be easier to pay, but that would encourage a trend that nobody wants.
  • Services partially back up and running this morning. Maybe they only paid the first installment of the ransom?😂
    As already mentioned there's no point paying the ransom as they'll just be targeted again most likely. Time to fix the issue and tighten the ship to make themselves less vulnerable. This Russian hacker is obviously making a tidy profit doing this after seeing his lifestyle
  • Garmin is not talking, but they get the encryption key from the hacker, so he is apparently satisfied, lol.