Garmin down - ransomware? - Page 2
  1. #26
    tlg
    RoadBikeReview Member
    Join Date
    May 2011
    Posts
    16,847
    Quote Originally Posted by nOOky View Post
    I feel bad for Garmin, but I wonder how much companies actually prepare for such an attack. I don't know much about the security aspect of this stuff, but perhaps they should have offered 5 million to anyone that could reverse the file encryption and help root out the source.
    Nope. The files are 256 bit encrypted.

    A 256-bit encryption key will have 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that's 78 digits) possible combinations. It would literally take billions of years to crack it

    No Super Computer on the face of the earth can crack that in any reasonable time frame.
    The Tianhe-2 (MilkyWay-2), the fastest supercomputer in the world, will take millions of years to crack 256-bit AES encryption.
    Custom Di2 & Garmin/GoPro mounts 2013 SuperSix EVO Hi-MOD Team * 2004 Klein Aura V

  2. #27
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by nOOky View Post
    Our little company was hit a couple months ago. It took about 3 days to rectify. We had everything backed up, but the backups were a day old, so a lot of us had to repeat a day's work.

    I feel bad for Garmin, but I wonder how much companies actually prepare for such an attack. I don't know much about the security aspect of this stuff, but perhaps they should have offered 5 million to anyone that could reverse the file encryption and help root out the source.

    Garmin has effectively killed two devices I have had with updates in the past, both via software update, both affecting battery life. To their credit they replaced one, but it took a while and was irritating.
    I think they know the source - Evil Corp. The problem is that this organization is supported and sanctioned by the Russian government and allowed to wreak mayhem on US and European businesses and government. I don't know if they paid the ransom or were somehow able to decrypt the files.

  3. #28
    RoadBikeReview Member
    Join Date
    Dec 2014
    Posts
    3,013
    Quote Originally Posted by tlg View Post
    Nope. The files are 256 bit encrypted.

    A 256-bit encryption key will have 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that's 78 digits) possible combinations. It would literally take billions of years to crack it

    No Super Computer on the face of the earth can crack that in any reasonable time frame.
    The Tianhe-2 (MilkyWay-2), the fastest supercomputer in the world, will take millions of years to crack 256-bit AES encryption.
    You don't attack the crypto itself, you attack the implementation. Many of those ransomware malware programs share the same code, and some did not even utilize randomness, which makes them easy to break with the right tools...

  4. #29
    nOOky
    Master debator.
    Join Date
    Mar 2009
    Posts
    8,686
    Without sending this to PO, I doubt the U.S. govt. is much help if they don't show any interest in reining in cyber crime or even little things like election hacking. If it's up to the private sector I would hope that given the proper motivation we could protect ourselves from this type of attack. I refuse to believe the U.S. doesn't have any talent capable of retaliating.

    Quote Originally Posted by DaveG View Post
    I think they know the source - Evil Corp. The problem is that this organization is supported and sanctioned by the Russian government and allowed to wreak mayhem on US and European businesses and government. I don't know if they paid the ransom or were somehow able to decrypt the files.
    "I felt bad because I couldn't wheelie; until I met a man with no bicycle"

  5. #30
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by nOOky View Post
    Without sending this to PO, I doubt the U.S. govt. is much help if they don't show any interest in reining in cyber crime or even little things like election hacking. If it's up to the private sector I would hope that given the proper motivation we could protect ourselves from this type of attack. I refuse to believe the U.S. doesn't have any talent capable of retaliating.
    I think we have retaliated in the past against Russia, or at least Trump claims we have. Also the Justice Dept. has a $5M bounty on Maksim Yakubets, leader of Evil Corp

  6. #31
    zyzbot
    Weed
    Join Date
    Feb 2004
    Posts
    1,036

    Garmin Slowly coming back on line

    https://www.cnn.com/2020/07/27/tech/...ine/index.html

  7. #32
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by zyzbot View Post
    They must be fixing things in waves. I have been fully up since this morning but others are not up

  8. #33
    RoadBikeReview Member
    Join Date
    Apr 2013
    Posts
    3,656
    Quote Originally Posted by DaveG View Post
    They must be fixing things in waves. I have been fully up since this morning but others are not up
    My brain tells me it's fake news but Sky claims Garmin paid the ransom. Can't find one of my trusted news sites to confirm.

  9. #34
    RoadBikeReview Member
    Join Date
    Apr 2013
    Posts
    3,656
    Quote Originally Posted by nOOky View Post
    Without sending this to PO, I doubt the U.S. govt. is much help if they don't show any interest in reining in cyber crime or even little things like election hacking. If it's up to the private sector I would hope that given the proper motivation we could protect ourselves from this type of attack. I refuse to believe the U.S. doesn't have any talent capable of retaliating.
    The current administration lacks the will, not the ability. U.S. has engaged in cyberwarfare against Iran successfully. And when it comes to this Iran is right up there with China and Russia in terms of ability. Maybe just a notch below.

  10. #35
    Marc
    Adorable Furry Hombre
    Join Date
    Jan 2005
    Posts
    29,445
    Quote Originally Posted by JSR View Post
    I was able to upload rides from my Edge 520 Plus directly into Strava. It required a USB connection to my desktop computer, but wasn't too difficult. Easier than posting pictures to Roadbikereview.
    Quote Originally Posted by nOOky View Post
    Without sending this to PO, I doubt the U.S. govt. is much help if they don't show any interest in reining in cyber crime or even little things like election hacking. If it's up to the private sector I would hope that given the proper motivation we could protect ourselves from this type of attack. I refuse to believe the U.S. doesn't have any talent capable of retaliating.

    What is a few lost customers, a bunch of breached consumer data, and a few down service days? Securing IT infrastructure costs big bucks to do--and is a never ending war.

    In the last decade basically every single major US consumer corporation has had massive severe database breaches exposing sensitive customer and corporate info. For a while it was one every other week. What has happened to them? Basically nothing. No fines. No one went to jail. Not even a strongly worded letter from the DOJ. Corporate SOP is the Trump strategy: deny there's a problem when news breaks, minimize the problem while it is being public spotlight material...and then months later when something else has happened--finally admit how bad it was and how many millions of VISA cards and SSNs and customer addresses/names etc were leaked--on a Friday night at 1045PM at night.


    In the USA, data breaches have basically no consequence for the company guilty of idiocy. Ergo CEOs don't bother going Resident Evil style containment to stop it--because that costs money (for literally nothing) and that angers shareholders.
    "Refreshingly Unconcerned With The Vulgar Exigencies Of Veracity "

  11. #36
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by Trek_5200 View Post
    My brain tells me it's fake news but Sky claims Garmin paid the ransom. Can't find one of my trusted news sites to confirm.
    I would not expect Garmin to admit to paying the ransom even if they did. I feel that crypto currency is a huge enabler for hackers, but there is no easy way to stop it

  12. #37
    Jwiffle
    I love to climb!
    Join Date
    Mar 2005
    Posts
    2,020
    Quote Originally Posted by Trek_5200 View Post
    My brain tells me it's fake news but Sky claims Garmin paid the ransom. Can't find one of my trusted news sites to confirm.
    I read that Garmin was not legally allowed to pay the ransom even if they wanted to.
    Stop in at Element Sports. www.elementsport.com
    Get Out! Have Fun!

  13. #38
    RoadBikeReview Member
    Join Date
    Feb 2014
    Posts
    157
    My Wahoo friends have been encouraging me to switch. I've been happy with the 530, but am open to change. It was between the 530 and the Elemnt Roam. The Roam was a bit underwhelming, so I went w/ the 530. In hindsight I likely would've been happy w/ either.

    My friends have the Bolt but if I'm changing devices I want a bigger screen than it has.

    The only hesitation on switching to the Roam would be all of my ride data (and all exercise workouts) going back to 2013 is on GC. I store rides on Strava, since 2015, but no other workout data. Any suggestions are welcomed.

  14. #39
    RoadBikeReview Member
    Join Date
    Apr 2013
    Posts
    3,656
    Quote Originally Posted by Mckdaddy View Post
    My Wahoo friends have been encouraging me to switch. I've been happy with the 530, but am open to change. It was between the 530 and the Elemnt Roam. The Roam was a bit underwhelming, so I went w/ the 530. In hindsight I likely would've been happy w/ either.

    My friends have the Bolt but if I'm changing devices I want a bigger screen than it has.

    The only hesitation on switching to the Roam would be all of my ride data (and all exercise workouts) going back to 2013 is on GC. I store rides on Strava, since 2015, but no other workout data. Any suggestions are welcomed.

    My brother would become an advocate of every car he bought until he switched. This is just human nature. The bolt crowd is like a cult. I've been very happy with my Garmins. I switched to a 1030 the year I rode La Marmotte for the larger display and longer battery life. It's a bit pricey but a great product. Ransomware is a fact of life. Garmin didn't get attacked because Evil Corp likes Bolt. They could be next. Switching because of this would be silly in my view. If anything they will undergo a security audit and come out stronger.

  15. #40
    Marc
    Adorable Furry Hombre
    Join Date
    Jan 2005
    Posts
    29,445
    Quote Originally Posted by JSR View Post
    I was able to upload rides from my Edge 520 Plus directly into Strava. It required a USB connection to my desktop computer, but wasn't too difficult. Easier than posting pictures to Roadbikereview.
    Quote Originally Posted by Trek_5200 View Post
    My brother would become an advocate of every car he bought until he switched. This is just human nature. The bolt crowd is like a cult. I've been very happy with my Garmins. I switched to a 1030 the year I rode La Marmotte for the larger display and longer battery life. It's a bit pricey but a great product. Ransomware is a fact of life. Garmin didn't get attacked because Evil Corp likes Bolt. They could be next. Switching because of this would be silly in my view. If anything they will undergo a security audit and come out stronger.
    Not a cult....Rather, The way they ran their business for the last 15 years galvanized their own customer base against them. And as soon as there was a viable alternative, they left....and their own long-term customers became their own worst anti-advocates.

    To be fair, Garmin has shaped up*

    *It started as soon as they had any real competition to speak of in the cycling GPS business....up until then, they clearly barely gave a crap. I owned Garmin cycling GPSes for a 10 year period....nothing about how they ran their business changed, until suddenly all us disaffected users voted with our wallets and got a Wahoo....I only came back because the price-point and feature-parity of ROAM and 830 is grossly slanted in the 830's favor.
    "Refreshingly Unconcerned With The Vulgar Exigencies Of Veracity "

  16. #41
    tlg
    RoadBikeReview Member
    Join Date
    May 2011
    Posts
    16,847
    It appears Garmin may have paid the ransom through a back channel or third party.

    https://news.sky.com/story/garmin-ob...ttack-12036761
    Garmin obtains decryption key after ransomware attack

    The sanctions mean that "US persons are generally prohibited from engaging in transactions" with the cyber criminals, although the US Treasury did not respond to questions about whether the general prohibition applied in the circumstances of extortion.

    Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company - an American multinational which is publicly listed on the NASDAQ - did not directly make a payment to the hackers.
    Custom Di2 & Garmin/GoPro mounts 2013 SuperSix EVO Hi-MOD Team * 2004 Klein Aura V

  17. #42
    RoadBikeReview Member
    Join Date
    Dec 2014
    Posts
    3,013
    Quote Originally Posted by Trek_5200 View Post
    My brother would become an advocate of every car he bought until he switched. This is just human nature. The bolt crowd is like a cult. I've been very happy with my Garmins. I switched to a 1030 the year I rode La Marmotte for the larger display and longer battery life. It's a bit pricey but a great product. Ransomware is a fact of life. Garmin didn't get attacked because Evil Corp likes Bolt. They could be next. Switching because of this would be silly in my view. If anything they will undergo a security audit and come out stronger.

    This... ransomware attacks are low hanging fruit attacks, they are not targeted attacks. Just takes a single person with the right (or incorrectly configured) access controls to take down an entire org. It's what pays my bills regularly

    What this, and every incident I come across shows, is that organizations suck at risk management (which is of course why my company gets hired), and focus far too much on external threats, while ignoring, or not spending enough time on reducing the risk of insider threats (insider threats are not always intentional, carelessness counts as well).

  18. #43
    nayr497
    RoadBikeReview Member
    Join Date
    Nov 2008
    Posts
    1,899
    I know this is a bigger deal...but as someone who, at most, uses a basic computer to track KMs and time...ah, big deal. Folks won't get their ride data. A welcome opportunity to just ride a bike again.

    *And again, I know this is bigger than this...hackers, people use Garmin devices to fly planes...etc. But my immediate reaction is Great! More folks will just ride their bikes and ignore their watts, etc.

  19. #44
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by Jwiffle View Post
    I read that Garmin was not legally allowed to pay the ransom even if they wanted to.
    Read that too. Let's say they did pay the ransom, what exactly would the Justice Dept do? Fine them? Throw Garmin management in jail? My understanding is that State and local governments have also been hacked by Evil Corp. Did they pay the ransom?

  20. #45
    Marc
    Adorable Furry Hombre
    Join Date
    Jan 2005
    Posts
    29,445
    Quote Originally Posted by JSR View Post
    I was able to upload rides from my Edge 520 Plus directly into Strava. It required a USB connection to my desktop computer, but wasn't too difficult. Easier than posting pictures to Roadbikereview.
    Quote Originally Posted by DaveG View Post
    Read that too. Let's say they did pay the ransom, what exactly would the Justice Dept do? Fine them? Throw Garmin management in jail? My understanding is that State and local governments have also been hacked by Evil Corp. Did they pay the ransom?
    In the Trump era...absolutely nothing. They'd probably get a Medal of Freedom for it.
    "Refreshingly Unconcerned With The Vulgar Exigencies Of Veracity "

  21. #46
    MDM
    RoadBikeReview Member
    Join Date
    Jun 2020
    Posts
    20
    I would never depend solely on an online service (especially a free one) like Garmin Connect, to store my data. What was the predecessor to Garmin Connect? Garmin shut that down and went to Connect. If you didn't get your data out in time, you were SOL. I upload my rides into Golden Cheetah and my computer is backed up. I should also back up my .fit files, but I currently don't (but I will).

  22. #47
    JSR
    RoadBikeReview Member
    Join Date
    Feb 2006
    Posts
    1,632
    Quote Originally Posted by nayr497 View Post
    I know this is a bigger deal...but as someone who, at most, uses a basic computer to track KMs and time...ah, big deal. Folks won't get their ride data. A welcome opportunity to just ride a bike again.

    *And again, I know this is bigger than this...hackers, people use Garmin devices to fly planes...etc. But my immediate reaction is Great! More folks will just ride their bikes and ignore their watts, etc.
    I appreciate that you like to keep things simple, but why you would think that somehow Garmin users' experiences are diminished by use of those other features is odd, IMO.

    In any case, this outage does none of what you suppose. The Garmin head units still record and display watts, HR, % gradient, elevation gain, and so on. The outage pertains to Garmin on-line systems used for post-ride analysis, logging, and interfacing to third party systems such as Strava.

  23. #48
    RoadBikeReview Member
    Join Date
    Feb 2004
    Posts
    5,790
    Quote Originally Posted by MDM View Post
    I would never depend solely on an online service (especially a free one) like Garmin Connect, to store my data. What was the predecessor to Garmin Connect? Garmin shut that down and went to Connect. If you didn't get your data out in time, you were SOL. I upload my rides into Golden Cheetah and my computer is backed up. I should also back up my .fit files, but I currently don't (but I will).
    I've been keeping my ride data in the same software program (Velocipede) since the early 90's. In addition to data it has notes from my rides, things that happened, who I ride with, etc. While I have to manually enter data it's worth it to me to have 3 decades of ride data all in one place. I do use Garmin Connect, but not for historical data

  24. #49
    RoadBikeReview Member
    Join Date
    Feb 2014
    Posts
    157
    Quote Originally Posted by Trek_5200 View Post
    My brother would become an advocate of every car he bought until he switched. This is just human nature. The bolt crowd is like a cult. I've been very happy with my Garmins. I switched to a 1030 the year I rode La Marmotte for the larger display and longer battery life. It's a bit pricey but a great product. Ransomware is a fact of life. Garmin didn't get attacked because Evil Corp likes Bolt. They could be next. Switching because of this would be silly in my view. If anything they will undergo a security audit and come out stronger.

    Agreed. I don't think I'd be switching 100% b/c of this attack, but admittedly use the attack as an excuse to spend a little money and try something different.
