CDK Starts Restoring Systems After Car Dealer Hack

Last week, a cyberattack on dealership software-as-a-service platform CDK Global crippled America’s auto sellers.

Now, the group behind the attack is reportedly demanding tens of millions of dollars in ransom, Bloomberg News reported Friday (June 21), citing a source familiar with the matter.

That source said that CDK plans to pay the ransom to the hacking group, which is thought to be based in Eastern Europe. 

Meanwhile, a report Sunday by Reuters said CDK had begun to restore its systems, with the company issuing a statement saying it expects the process to take “several days.”

The attack happened last Tuesday (June 18) on the CDK dealership management system (DMS), used by thousands of U.S. car dealerships, as well as by carmakers such as Toyota, Kia, Stellantis and BMW.

The attack has effectively shuttered many businesses, with others turning to paper-based processes for record-keeping and administration. CDK had told its customers on Thursday (June 20) that its dealer’s system would likely not be available for several days.

“It’s just mass chaos at this point,” Diana Lee, the chief executive officer of Constellation, a marketing agency that works with American car dealers, told Bloomberg. “The dealer’s required to actually run a DMS for sales, service, parts, for every single functionality — even stocking a vehicle, you can’t do it without the DMS system. So it is a disaster.”

As PYMNTS wrote last week, this cyberattack spotlights the increasing threat of ransomware attacks on the business world, especially in businesses heavily dependent on digital and IT infrastructure. What’s different now is that as technology has advanced, with managed services and applications becoming more crucial to business operations, giving the impact of cyberattacks a much greater reach.

“And if an attack on a critical infrastructure provider that leaves the sector it services unable to operate sounds familiar, it’s because similar incidents are on the rise, a fact that underscores the need for companies to invest in robust cybersecurity measures and incident response plans,” that report said. 

For example, this year has already seen the cyberattack on Change Healthcare, a billing and payments unit owned by UnitedHealthcare, which led to total disruptions at healthcare clinics, medical billing companies and pharmacies. This attack, believed to have been the work of a ransomware gang known as ALPHV or BlackCat, ultimately cost UnitedHealthcare $872 million. 

And the attacks haven’t slowed down since then, either. As covered here, a “significant volume of data” was stolen from at least 165 customers of multi-cloud data warehousing platform Snowflake on June 10, and last week brought the news that that data from LendingTree subsidiary QuoteWizard stolen in the Snowflake breach is being auctioned off to the highest bidder on cybercriminal forums.