On Thursday, hackers hit the navigation and fitness giant Garmin with a ransomware attack that took down numerous services across the company. Garmin Connect, the cloud platform that syncs user activity data, went dark, as did portions of Garmin.com. But as athletes found themselves unable to record runs and workouts, pilots who use Garmin products for position, navigation, and timing services in airplanes were dealing with their own problems.
The flyGarmin and Garmin Pilot app both suffered days-long outages, hindering some Garmin hardware used in planes, including flight-planning mechanisms and the ability to update mandatory FAA aeronautical databases. Garmin, which waited until Monday to confirm that a cyberattack caused the trouble, also saw its corporate email systems and customer call centers hobbled by the assault. (Throughout the weekend, emails to Garmin public relations staffers bounced back and phone calls wouldn’t connect.) Some reports indicate that Garmin’s ActiveCaptain maritime app also suffered outages.
Garmin’s services started to flicker back online on Monday, four days after the outages began. The incident underscores the pressing threat ransomware continues to pose across industries, though, particularly when it can disrupt services that millions of people rely on.
Garmin said in a statement Monday that has no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen.” The company declined to comment to WIRED on the specific impact to position, navigation, and timing services. The Garmin Aviation Twitter account posted on Thursday that, “We are currently experiencing an outage that affects the Garmin Pilot App and as a result, some services, such as flight plan filing, may be unavailable.” The account tweeted an update on Monday: “Many of the systems and services affected by the recent outage, including flyGarmin and Garmin Pilot, are returning to operation. Some features still have temporary limitations while all of the data is being processed.”
Numerous pilots reported on social media and aviation forums that they were dealing with problems as a result of the Garmin outages. Many pointed to difficulties planning and scheduling flights. They also highlighted their inability to download database updates for their Garmin navigation systems—a major issue since the Federal Aviation Administration requires that planes have updated databases to fly. Those updates happen once a month; the most recent came out on July 16, so it had already been downloaded for many planes—a lucky happenstance for Garmin. Pilots can download the updates elsewhere, but would have to subscribe to a different platform.
And the disruptions were not just theoretical.
“The biggest issue at my flight school is not being able to update the databases for the Garmin 430s we have in all our planes—we use them for navigation,” says Taren Stanton, a flight instructor at Front Range Flight School in Colorado. “Legally we can’t fly an instrument flight plan using them for navigation if they aren’t kept updated. We had one plane that was temporarily grounded because of that.”
Pilots separately use tablet apps as backups to flight plan and navigation systems, but those who use Garmin Pilot wouldn’t have had that failsafe available. “Those users lost some services like being able to file a flight plan from their iPad,” Stanton says. “They either had to go on the FAA website or call a phone number to file, which is a huge pain.”
Ransomware attacks have increasingly targeted industrial control systems and critical infrastructure, from oil refineries, gas pipelines, and power grids to hospitals. Sometimes these attacks use the guise of ransomware as a distraction, as with the destructive NotPetya malware that swept the world in 2017. More often the attackers are criminals looking to take advantage of victims that have the most to lose when their systems go down, making them more likely to pay up to restore them.