Auto Dealership Software Firm Says Restoring Service Will Take ‘Days and Not Weeks’
A back-end software provider for thousands of auto dealerships in the United States and Canada has started to restore operations after consecutive cyber incidents forced the company to shut down systems, a spokesperson told Information Security Media Group.
CDK Global, the auto dealership software solutions firm that suffered a cyber ransom attack Wednesday, said the company launched an investigation with third-party experts and has “begun the restoration process” after notifying customers and law enforcement about the incident.
“Based on the information we have at this time, we anticipate that the process will take several days to complete,” a CDK Global spokesperson said Monday. “In the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business.”
The spokesperson declined to comment on whether CDK plans to pay tens of millions in ransom to a hacking group called BlackSuit, which has since claimed responsibility for the attack, as has been reported. CBS reported the company sent a memo to customers Saturday saying the restoration process would take “several days and not weeks” and warning dealerships to beware of a potential increase in phishing scams.
The weekend note to customers was the first time the company described the incident as a “cyber ransom event.” Multiple car dealerships – including Group 1 Automotive Inc., which has more than 200 dealerships in the U.S. and United Kingdom – then disclosed that the cyberattack affected their business operations.
Group 1 was forced to immediately activate cyber incident response procedures and isolate its systems from CDK’s platform, it said in a regulatory filing. Other major auto dealerships – including Penske, Sonic Automotive and Lithia Motors – warned the Securities and Exchange Commission that their operations also had been affected.
Approximately 15,000 auto dealerships in the U.S. and Canada use CDK software to manage and maintain records, sensitive data and communications about customers and negotiated deals. Cliff Steinhauer, director of information security and engagement for the National Cybersecurity Alliance, previously told Information Security Media Group the incident highlights the devastating impact of attacks on third-party managed infrastructure (see: Auto Dealerships Using CDK Global Hit With Cyber Disruptions).
“This incident not only disrupted essential operations across a vast network of dealerships but also exposed significant vulnerabilities in digital infrastructure and customer data management systems,” he said.
Bloomberg first reported that BlackSuit demanded millions of dollars in ransom after the alleged hacking group took responsibility for the attack. BlackSuit comes from the Royal ransomware-as-a-service group, which is a branch of the now-defunct Conti ransomware operation (see: Conti’s Legacy: What’s Become of Ransomware’s Most Wanted?).
Car dealerships across the U.S. reported resorting to using paper to keep records – and even shutting down new business entirely.
CDK Global publishes an annual report on the state of dealership cybersecurity, and in 2023 it said: “Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important.”