Car sales across the US disrupted after major cyberattack hits dealership provider

News
By
published

Clients suffer the consequences following breach

Ransomware
(Image credit: Pixabay)

CDK, a company that provides software-as-a-service for car dealerships, has suffered a major cyberattack forcing it to shut down most of its systems. 

As a result, the companies using CDK’s services were unable to conduct most of their business and were pushed back to pen and paper for whatever little work they could do.

According to a report on BleepingComputer, when CDK spotted the attack, it unplugged most of its systems to prevent it from spreading. Two servers were taken offline at 2am local time, and remained offline for most of the day.

Disconnecting the VPN

"We are actively investigating a cyber incident,” the company told BleepingComputer. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”

CDK Global offers a comprehensive suite of software solutions and services designed to help car dealers manage and enhance their operations across various areas, including dealer management systems (DMS), digital marketing, business intelligence and analytics, fixed operations solutions, and cybersecurity. It allegedly has more than 15,000 clients and services 30,000 dealer sites worldwide.

Car dealerships using CDK’s services have to configure an always-on VPN to the company’s data centers, which then allows locally installed applications to access data stored on the servers. The company has now advised its clients to disconnect the VPN, to prevent the attack from spreading to third-party systems as well.

While the nature of the attack has not yet been confirmed, usually when a company is forced to unplug its IT infrastructure it’s due to ransomware. Threat actors lock their victims out of their endpoints, steal sensitive data, and then demand money in exchange for the decryption key and keeping the data private. 

Some fifteen hours after spotting the incident, the company restored CDK Phones, DMS, and Digital Retail services. Unify and DMS logins were also made available, while for other services, restoration is still in progress.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.