Ransomware attack brings down auto dealers across the country, bringing car sales to a halt

Software creator CDK Global experienced a ransomware attack last week that left auto dealerships that use the software they distribute (Dealer Management System or DMS) unable to process car sales as they normally do.

The DMS software is used by over 15,000 dealerships nationwide and not only helps car dealerships quickly process applications but also provides dealers with the ability to manage customer relationships and service solutions such as maintenance contracts, car rebates and even tracks dealer inventory.

Many dealerships have begun to process car sales manually, but the software also managed appointment requests, for both buying and car maintenance grinding those services to a halt as well. The service has been down since last Wednesday and CDK Global doesn’t expect the service will be back up until June 30^th although they say some services are starting to be brought back online as of writing.

Summer time is typically a popular car buying season especially with Fourth of July sales being a staple of the industry, it’s unknown what effect this attack will have on overall sales for this quarter.

The group behind the outage, BlackSuit, is part of a growing trend of hacks specifically targeting software suppliers and demanding lucrative ransoms to get systems back online. CDK hasn’t thus far paid the ransom and we have no confirmation of what that figure is.

Blacksuit is known for both stealing sensitive data and locking up systems, then demanding a ransom to restore both. They also provider information to smaller hacking groups so they can carry out their own attacks including resources to intimidate victims into paying. It’s estimated they’ve carried out successful attacks on 95 organizations globally although this figure only includes companies who reported the attack. The figure is likely much higher.

In one post on Reddit a user describes a client who was hacked by an affiliate of the group and paid $4000 to recover their data, the reach of not only Blacksuit themselves but by bad actors who utilize their services to conduct their own attacks would be impossible to determine but should make even small business owners wary as we continue to see hackers organize and expand their reach as a group rather than as individuals.

CDK meanwhile has continually moved the goal post on when a resolution will occur, automotive dealerships were originally told systems would be up by June 21^st and now June 30^th but they’ve already stated even by that date systems may not be back up for everyone affected.

"We are still doing the workarounds, using a paper processing system. The problem is we can't load this data back into the system," Geoffrey Pohanka, chairman of Pohanka Automotive Group located in Maryland told CBS. "We can account for the work we did in our general ledger from a financial statement standpoint, but it's very hard to pop all this data back into the system so you can have access to it later."

Attackers continue to grow more savvy and the effects of an attack like this won’t only incur damages such as downtime or a loss of data or even the financial burden of paying a ransom, they can affect customer perception of your business and cause customers to lose faith in your ability to service them.

At Valley Techlogic, cybersecurity is a keystone offering of our technology support plan. We follow cybersecurity frameworks such as NIST, CIS, HIPAA and CMMC to ensure we’re following nationally recognized standards for cybersecurity protections.  If you would like to ensure an attack like this will never happen to your business, or if you’ve already experienced a hack and are looking towards the path to recovery, Valley Techlogic can support your business today.

Looking for more to read? We suggest these other articles from our site.

This article was powered by Valley Techlogic, leading provider of trouble free IT services for businesses in California including Merced, Fresno, Stockton & More. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic and LinkedIn at https://www.linkedin.com/company/valley-techlogic-inc/.