CDK Global Faces Ransom Demand Amidst Massive Cyberattack Disrupting North American Car Dealerships

by Nicholas Edwards · 21/06/2024

CDK Global hit by a ransomware attack, causing chaos for 15,000 car dealerships. The hackers, allegedly from Eastern Europe, demand tens of millions in ransom.

United States, Bollywood Fever: CDK Global, a key software provider for thousands of car dealerships across North America, has been targeted in a ransomware attack, leading to a demand for tens of millions of dollars in ransom. According to an insider familiar with the situation, the hacking group responsible is believed to be based in Eastern Europe, and CDK is planning to make the payment, although the fluid nature of such situations means circumstances could change.

The breach, discovered on June 19, has led to significant disruptions at many of the roughly 15,000 dealerships that rely on CDK’s dealership management system (DMS). This software suite underpins virtually every aspect of auto retailers’ daily operations, from sales and repairs to inventory management. The outage has hampered sales, interrupted repairs, and delayed deliveries, causing chaos across an industry that generated over $1.2 trillion in U.S. sales last year. The timing is particularly problematic as it coincides with an end-of-quarter sales push.

“It’s just mass chaos at this point,” said Diana Lee, CEO of Constellation, a marketing agency for auto dealerships, in an interview with Bloomberg Television. “The dealer’s required to actually run a DMS for sales, service, parts, for every single functionality — even stocking a vehicle, you can’t do it without the DMS system. So it is a disaster.”

CDK briefly restored some services on June 19 but had to deactivate them after a second cyberattack. On Thursday, the company warned that systems would likely remain unavailable for several days.

This demand follows other high-profile ransomware attacks, including a $50 million demand from hackers targeting a lab services company affecting London hospitals and a $22 million extortion fee paid by UnitedHealth Group Inc. earlier this year.

CDK has not disclosed who is behind the intrusion but issued a warning to customers about potential fraudsters. “We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK, trying to obtain system access,” the company stated. “Please only respond to known CDK employees and communications.”

The car dealer Sonic Automotive Inc., which uses CDK to support critical operations, reported that disruptions from the cyberattack are likely to negatively impact its operations until systems are restored. Sonic has reopened all its dealerships with workaround solutions to limit disruption but has yet to determine the financial impact.

CDK’s parent company, Brookfield Business Partners LP, saw its worst trading day since October, with a 5.7% plunge on Thursday, and further declines on Friday. Shares in dealer groups AutoNation Inc., Group 1 Automotive Inc., and Sonic Automotive Inc. also experienced declines.

The cyberattack on CDK Global underscores the vulnerability of critical infrastructure to ransomware attacks and the widespread impact such breaches can have on industries heavily reliant on centralized software services.