# Garmin gets hacked



## Offspring (Jan 29, 2006)

My perfectly working edge 205 is sitting on my desk and I can no longer load the contents to a pc based training program because they stopped supporting that. So I buy a 530 and now everything is down over at gamin by ransom wear. Serves them right.


----------



## Harold (Dec 23, 2003)

Offspring said:


> My perfectly working edge 205 is sitting on my desk and I can no longer load the contents to a pc based training program because they stopped supporting that.


Huh? Should be able to plug the device in, navigate it as a usb drive, and pull the .tcx files off. Shouldn't require any sort of support from Garmin for that.



Offspring said:


> So I buy a 530 and now everything is down over at gamin by ransom wear. Serves them right.


Damn, checked their page and no joke. Still, I wouldn't wish ransomware on anyone. I have a sinking suspicion that data is going to disappear.


----------



## Offspring (Jan 29, 2006)

Harold said:


> Huh? Should be able to plug the device in, navigate it as a usb drive, and pull the .tcx files off. Shouldn't require any sort of support from Garmin for that.


nope


----------



## LMN (Sep 8, 2007)

You can load workouts directly from your 530. I did it yesterday.


----------



## Lone Rager (Dec 13, 2013)

Offspring said:


> nope


 Correct. There should be no .tcx files on a 530. You can, however, pull off the .fit activity files. FWIW: I've been in the habit of saving all my activity files to my pc since getting my first Edge in 2010. I got em all, both tcx and fit. I also save all my courses to my pc. And all those are backed up to the cloud. Kinda overkill, as before then I didn't keep track of rides, miles, hours or anything else going back to when I started riding in 1970.


----------



## Offspring (Jan 29, 2006)

The 305 (that I incorrectly typed as a 205 above) is not recognized as a usb drive, therefore I can't get any files off of it. They stopped supporting it and everything that runs through garmin is cloud based now. The garmin express is no longer available as a local program.

I can/have pulled the data of the new 530 to strava.


----------



## Harold (Dec 23, 2003)

Offspring said:


> The 305 (that I incorrectly typed as a 205 above) is not recognized as a usb drive, therefore I can't get any files off of it. They stopped supporting it and everything that runs through garmin is cloud based now. The garmin express is no longer available as a local program.


My copy of express is local on my machine.

You can probably track down some kind of old software that will still recognize your device.


----------



## Offspring (Jan 29, 2006)

Harold said:


> My copy of express is local on my machine.
> 
> You can probably track down some kind of old software that will still recognize your device.


Mine was until I made the mistake when I was prompted to update it then it went to the cloud/web based. Been thinking about trying to get into time machine to bring back the old version.

Edit: my timemachine doesn't go back far enough to do this.


----------



## Harold (Dec 23, 2003)

Offspring said:


> Mine was until I made the mistake when I was prompted to update it then it went to the cloud/web based. Been thinking about trying to get into time machine to bring back the old version.


https://garmin-express.en.uptodown.com/windows/versions

Possibly either or also

https://garmin-communicator-plugin.software.informer.com/3.0/

https://www.easygps.com/gps-receivers/Garmin-Edge-305.asp


----------



## 6thElement (Jul 17, 2006)

I still use my 830 with Training Center on my PC.


----------



## cmg (Mar 13, 2012)

Since connect is down l resorted to Basecamp again.........


----------



## Lone Rager (Dec 13, 2013)

What do you use Basecamp for? I played with Basecamp a little when I got my first Edge ~10 years ago but never really got into using it.


----------



## Harold (Dec 23, 2003)

https://techcrunch.com/2020/07/25/garmin-outage-ransomware-sources/

Forbes is saying the ransom demand is $10,000,000

https://www.forbes.com/sites/barryc...0m-ransom-to-end-two-day-outage/#6b8c967b3164

Was talking to a buddy of mine who's a systems engineer and works for a regional grocery chain's HQ in town about this last night. He says their company has been hit 3 times with ransomware since he's been there. Apparently the company has taken the risks of ransomware seriously and they use an extremely robust backup system that allows them to restore pretty much 99% of what gets affected by said ransomware. Aside from the extra work it gives them to address it, they've been able to avoid paying out OR having massive disruptions like this.

He wasn't aware of this incident, but he's now curious how everything goes.


----------



## Harold (Dec 23, 2003)

Lone Rager said:


> What do you use Basecamp for? I played with Basecamp a little when I got my first Edge ~10 years ago but never really got into using it.


Among other things, it lets you pull activity data off your Garmin and stores it locally on your computer.

I'm not certain, but it's possible if you upload directly to Strava right now and then when Garmin's systems get back up and Express and Connect are working again, that you might have to clean up duplicate activities from Strava.


----------



## Lone Rager (Dec 13, 2013)

The few times I've tried to manually upload an activity to Strava that had previously been uploaded, it recognized it as a dupe and rejected it. DC Rainmaker says this happens to him all the time because he'll record activities on different devices which upload to Strava and it rejects the dupes. From what he said, it sounded like this is true even between platforms.


----------



## trmn8er (Jun 9, 2011)

I use Strava mostly to track my rides so it's a non issue for many users. I really do not use Garmin Connect much. Simply upload your ride manually from the .fit file located on your Garmin directly to Strava or similar app. I also back up my activities directory on the Garmin occasionally in case my 520 were to fail. 

Even if Strava were to suffer a catastrophic data loss it's not hard to get your rides back as long as you do a back up of your activities. Also have redundant copies too.


----------



## cmg (Mar 13, 2012)

although Harold answered the question, l also needed Basecamp to plan tour since Connect aint working.

As a side note, lve always found Basecamp easy to use (for Garmin software)


----------



## Lone Rager (Dec 13, 2013)

After trying Basecamp, I tried a number of the many on-line sites to plan my rides. I settled on RWGPS long ago. For me, it was easier to use than Basecamp, and with it's multiple maps and views and options provides more complete and up-to-date info. It's also way better than laying out courses in Garmin Connect, IMO.


----------



## Offspring (Jan 29, 2006)

Looks like my activity is back on-line, not sure about system-wide. Good luck.


----------



## TheOtherOne (Jul 27, 2020)

.


----------



## mik_git (Feb 4, 2004)

Yes, seems to be up and running


----------



## Harold (Dec 23, 2003)

my stuff is up. I'd have no way of knowing if I had any data loss, tbh, I've got so much stuff in there going so many years back that I couldn't even remember most of the specific activities from the beginning.

I just hope Garmin didn't cave with the ransomware.


----------



## cmg (Mar 13, 2012)

Im still "in maintenance", Europe


----------



## Joe Handlebar (Apr 12, 2016)

Harold said:


> my stuff is up. I'd have no way of knowing if I had any data loss, tbh, I've got so much stuff in there going so many years back that I couldn't even remember most of the specific activities from the beginning.
> 
> I just hope Garmin didn't cave with the ransomware.


I'm with you on this.... There's no way in hell that money would go anywhere good in the world.


----------



## NordieBoy (Sep 26, 2004)

Connect webpage working, Android app not.
Forerunner 935 synced over WiFi this morning.


----------



## evasive (Feb 18, 2005)

Rides from Friday finally pushed through to Strava this morning. The app opens without crashing and syncs with my watch again. Seems like they're creeping back.


----------



## trmn8er (Jun 9, 2011)

NordieBoy said:


> Connect webpage working, Android app not.
> Forerunner 935 synced over WiFi this morning.


How do you like the 935? Just got one but have not opened it yet. Scored it for $290 brand new. Could not afford the 945. Pm me if you prefer thx

Sent from my iPhone using Tapatalk


----------



## mik_git (Feb 4, 2004)

trmn8er said:


> How do you like the 935? Just got one but have not opened it yet. Scored it for $290 brand new. Could not afford the 945. Pm me if you prefer thx
> 
> Sent from my iPhone using Tapatalk


My GF has one, works very well, does loads of good stuff, I was going to buy one, but got the 645music instead...then caved and just got the 945. Works the same, just does a few extra things that make her sad, haha. The mapping is better, I dont use it but she would, has music, that i dont use, but mostly has the paycard thing, that I find handy from time to time.


----------



## trmn8er (Jun 9, 2011)

Thanks Mik! For the price I figured it’s a deal compared to many other models even if a couple years old


Sent from my iPhone using Tapatalk


----------



## mik_git (Feb 4, 2004)

yeah the 935 is a very good watch, the 945 does more "stuff" but it is still 95% the same


----------



## Catmandoo (Dec 20, 2018)

It was desperate times for some folks


----------



## trmn8er (Jun 9, 2011)

That’s hilarious! 


Sent from my iPhone using Tapatalk


----------



## Harold (Dec 23, 2003)

hahahaha


----------



## SoDakSooner (Nov 23, 2005)

my watch synced to the app this am and my strava stuff uploaded too. They were in reverse chronological order. Took forever to update too.


----------



## ghettocruiser (Jun 21, 2008)

The drawing is awesome. GC is still showing no-go for me today, just been loading the files directly into strava like we used to have to do with the Edge500. 

This event has also made me glad I store my tracklog files for all devices locally (20 years worth now), although I have no idea what I'm ever going to do with them.


----------



## NordieBoy (Sep 26, 2004)

trmn8er said:


> How do you like the 935? Just got one but have not opened it yet. Scored it for $290 brand new. Could not afford the 945. Pm me if you prefer thx
> 
> Sent from my iPhone using Tapatalk


Love it.
Have had a 910XT, 920XT, 620, 935.
I have HR on 24/7 and use it during the day for calendar and phone notifications for work.
Annoyingly, I haven't been sick since I got it to see if my resting HR goes up.
I've also got an Edge 130 and Stages L10 and L50 I use as head units, but all the recording happens on the 935.
I trust what it records.

But I'd like a 945 for for the music, Garmin pay, etc. But only if I can find one 2nd hand.
Could have got a Fenix 6 pro the other day for half new price, but they're so damn heavy.


----------



## trmn8er (Jun 9, 2011)

Thanks Nordieboy. Yeah the 945 is great but for this price 935 seems pretty capable. I always carry my phone anyway for pictures and use it for music and payments so there's that. 

Sent from my iPhone using Tapatalk


----------



## CanuckMountainMan (Oct 29, 2018)

After about a week after the ransom hack, Garmin Connect appears to finally be back up! :thumbsup:

(Have not used my Garmin yet, but the Connect app on my smartphone appears back to normal so far)


----------



## NordieBoy (Sep 26, 2004)

And it seems Garmin must have paid the ransom as it appears they used a decryption key to get the stuff back, and Wasted has no known flaws...

Oh, and I accidentally won a 51mm Fenix 5X on a local auction for well under half new price.
Basically a 935 that's much bigger, much heavier, much more robust and has maps.

I live in constant fear of scratching the glass on the 935 wearing it 24/7.
The 5X should be good for day to day (calendar/notifications/HRM) and the 935 for exercise.
And later if I sell both, that'll cover the price of a 945


----------



## 4Crawler (Oct 30, 2011)

NordieBoy said:


> And it seems Garmin must have paid the ransom as it appears they used a decryption key to get the stuff back, and Wasted has no known flaws...


More details here:
https://www.engadget.com/garmin-cyber-attack-ransomware-payment-180211805.html

Interesting with the possibility of the perp. being under US sanctions and use of payment via a 3rd party to perhaps get around those sanctions :skep:


----------



## Harold (Dec 23, 2003)

I would have preferred to have lost my entire Garmin Connect history than for Garmin to have paid that ransom.


----------



## scottg (Mar 30, 2004)

Harold said:


> I would have preferred to have lost my entire Garmin Connect history than for Garmin to have paid that ransom.


me too. I understand them paying it as it obviously wasn't just user history that would have been lots, but I wish it didn't have to happen. Everything I do is also logged on Trailforks and Strava so it would be no big deal to lose it on Garmin anyway...... but even if I lost it all I'd be ok with it.


----------



## cmg (Mar 13, 2012)

Hopefully they learn from the experience......


----------



## Mudguard (Apr 14, 2009)

Harold said:


> I would have preferred to have lost my entire Garmin Connect history than for Garmin to have paid that ransom.


Which is fine in principle, but could there be a possibility that they could brick devices etc? 
As someone else pointed out, the ransom is probably the cheapest option.


----------



## Harold (Dec 23, 2003)

Mudguard said:


> Which is fine in principle, but could there be a possibility that they could brick devices etc?
> As someone else pointed out, the ransom is probably the cheapest option.


A possibility, but an avoidable one. Just don't use Garmin software (Express or Connect Mobile). Plug it in to a computer via USB and pull ride files off like it's a USB drive.

Would probably cause a bunch of people to lose their **** (so yeah, there'd be a big cost to holding to your principles), but this ransomware bullshit is ridiculous. I do hope Garmin learned a lesson. There are ways to prevent it from going this far. I already mentioned my friend whose company has been hit 3 times with ransomware and their systems and protections are robust enough that they can just do a restore and move on with business. Great big middle finger to the hackers.


----------



## NordieBoy (Sep 26, 2004)

The lesson might just be that no matter who you are, how big you are, how well prepared you are, if the arse holes are good enough and patient enough, you don't have a hope.


----------



## Harold (Dec 23, 2003)

NordieBoy said:


> The lesson might just be that no matter who you are, how big you are, how well prepared you are, if the arse holes are good enough and patient enough, you don't have a hope.


That's pretty much how my friend's company treats it. They know they're going to get hit and there's no practical way to prevent it. Their measures are geared towards recovery with minimal disruption WHEN it happens. They've decided that it's better to pay for the backup system rather than paying off the hackers.


----------



## tuckerjt07 (Nov 24, 2016)

NordieBoy said:


> The lesson might just be that no matter who you are, how big you are, how well prepared you are, if the arse holes are good enough and patient enough, you don't have a hope.


For things like the Garmin attack it's just being better hardened than the next guy. If "someone" has a legitimate beef with you you're not stopping them.

Sent from my SM-N975U1 using Tapatalk


----------



## matadorCE (Jun 26, 2013)

Harold said:


> I would have preferred to have lost my entire Garmin Connect history than for Garmin to have paid that ransom.


Same here, I can't believe they chose to pay the ransom instead of maybe reverting to another build or coming up with something else in the short term but it must be a lot more complicated than that I'm sure.


----------



## Catmandoo (Dec 20, 2018)

matadorCE said:


> Same here, I can't believe they chose to pay the ransom instead of maybe reverting to another build or coming up with something else in the short term but it must be a lot more complicated than that I'm sure.


We can't really know how integrated all their assorted systems were, it seems like very, as everything seemed to go down - Connect, Web Sales, Tech Call Center, Aviation, E-Mail, you name it. It's likely they said "OK, lets go the backup" only to find out the malware had been infecting the system for days, weeks, months, so the backups were no good.

It would take months to re-build, even if they had bare bone core systems backups that hadn't been touched in years. I sense from all I've read that the aviation section was the most critical to get back, it's much more important to the users then fitness and automotive, who's devices essentially keep working even though there's no cloud, which if they are smart, is something they are doing anyway, and hopefully off site and protected. I expect that we will see changes to the user end in the coming months or years as in truth, they really cannot trust the old system at this point.

Somebody did the math and likely figured out cheaper to pay the ransom then suffer the damage to the companies reputation as well as cost to re-build everything from near scratch.


----------



## matadorCE (Jun 26, 2013)

Catmandoo said:


> We can't really know how integrated all their assorted systems were, it seems like very, as everything seemed to go down - Connect, Web Sales, Tech Call Center, Aviation, E-Mail, you name it. It's likely they said "OK, lets go the backup" only to find out the malware had been infecting the system for days, weeks, months, so the backups were no good.
> 
> It would take months to re-build, even if they had bare bone core systems backups that hadn't been touched in years. I sense from all I've read that the aviation section was the most critical to get back, it's much more important to the users then fitness and automotive, who's devices essentially keep working even though there's no cloud, which if they are smart, is something they are doing anyway, and hopefully off site and protected. I expect that we will see changes to the user end in the coming months or years as in truth, they really cannot trust the old system at this point.
> 
> Somebody did the math and likely figured out cheaper to pay the ransom then suffer the damage to the companies reputation as well as cost to re-build everything from near scratch.


If the Aviation part went down too, I'd definitely ditch Garmin altogether even after they "fixed" everything. Odds are that if you've got a private plane, you can afford to switch to something else. Not being able to log bike rides is one thing, but having a crucial piece of navigational hardware compromised is a whole other ballgame.


----------



## tuckerjt07 (Nov 24, 2016)

matadorCE said:


> If the Aviation part went down too, I'd definitely ditch Garmin altogether even after they "fixed" everything. Odds are that if you've got a private plane, you can afford to switch to something else. Not being able to log bike rides is one thing, but having a crucial piece of navigational hardware compromised is a whole other ballgame.


The hardware wasn't exactly compromised. They couldn't file flight plans and switching out avionics is not a cheap or simple endeavor.

Sent from my SM-N975U1 using Tapatalk


----------



## Lone Rager (Dec 13, 2013)

Many of Garmin's aviation and marine customers are commercial operators. Disrupting, curtailing, or endangering their operations is a much bigger deal.


----------

