CDK Global preparing to pay massive ransom after dual cyberattacks

CDK Global is reportedly preparing to pay tens of millions of dollars to a criminal group based in eastern Europe, following a cyberattack on June 19 that resulted in the ongoing closure of its widely used Dealership Management System (DMS).

What this means: While this is a developing situation and lacks official confirmation from CDK or other authorities, it does shed light on what the company has been dealing with over the past few days, as well as a possible resolution. More than half of all car dealers in the U.S. remain without access to their DMS software, a key component of conducting day-to-day operations.

What we know so far:

  • Bloomberg, citing an undisclosed source familiar with the situation, reports that a group, likely located in eastern Europe, has demanded a massive extortion fee from CDK Global.

  • The source went on to say that CDK plans to make the payment.

  • Yesterday, the company urged dealers to be on the lookout for phishing attempts from con artists pretending to work for CDK, after users took to social media to report an influx of scams. The warning came one day after the firm faced its second cyberattack within 24 hours.

  • That second attack occurred shortly after the company reopened access to some of its systems Wednesday afternoon, having expressed confidence that the issue had been resolved.

What we don’t know:

  • The requested amount, the identity of the people responsible and the timeline for depositing the cash were not specified. It also remains unclear what type of attack the hacking group launched on CDK.

  • Ransomware typically locks a user out of their software while stopping short of other activities, making the effects of such a virus minimal once removed. However, if backdoor access to the company’s data was obtained at any point, then that information may have already been collected.

  • While it is not clear what CDK will receive in return for paying the ransom, whether it be restored access or the removal of harmful viruses, it is possible that the effects of this attack are only beginning.

Transparency is key: The earlier dealers know the extent of the damage, the sooner they can take steps to protect their businesses. Transparency from CDK will be key in the coming days as it continues talks with the alleged hacker group.

Looking ahead: Despite the DMS outage, dealers have managed to keep their businesses running using a variety of innovative strategies and old-school solutions. As the month draws to a close, it will be interesting to gauge the impact of CDK’s shutdown on automotive sales and how the automotive sector’s resilience mitigates that damage.
