Stocks
Group Alleging CDK Systems Hack Demands Millions in Ransom, Bloomberg News Reports
A group of hackers claiming responsibility for a cyberattack on CDK Global’s software systems has demanded millions of dollars in ransom to end the hack, which has affected auto dealers across the United States, Bloomberg News reported on Friday. The attack has caused significant disruptions in the auto retail sector, impacting various dealerships and operations.
The group behind the attack is believed to be based in Eastern Europe, according to the report, which cited sources familiar with the matter. This region has been known for harboring sophisticated cybercriminal organizations that target businesses worldwide.
CDK, an auto retail technology and software provider, planned to pay the ransom, according to Bloomberg News. However, CDK did not immediately respond to a Reuters request for comment, leaving many questions unanswered about their strategy to mitigate the attack and protect their clients.
U.S. auto retailers Sonic Automotive and Penske Automotive reported significant disruptions to their operations on Friday as CDK experienced a third consecutive day of outage. The impact of the cyberattack was immediately felt across the industry, with dealers struggling to maintain normal operations.
In an emailed statement, Ford acknowledged the industrywide system outage affecting dealers who use CDK’s software. Despite the challenges, Ford and Lincoln customers could still receive sales and service support due to alternative processes available to their dealers.
Sonic Automotive stated that its dealerships remained open and that the company was working to minimize the disruption caused by the outage. While it was unable to determine if the outage would affect its financial condition, Sonic acknowledged that the disruption had a negative impact on its operations.
Penske Automotive reported that its Premier Truck Group business, which sells new and used commercial trucks, also uses CDK’s disrupted dealer management system. Penske has implemented its business continuity response plans and continues to operate at all locations through manual or alternate processes. The commercial truck dealership business, which relies on CDK’s software, has lower unit volumes compared to Penske’s automotive dealership business.
Separately, Kia America told Reuters that it was working with affected dealers to reduce the impact of the outage and continue towards “business as usual.” The automaker emphasized its commitment to supporting its dealer network during this challenging time.
According to its website, CDK works with more than 15,000 retail locations across North America. The widespread impact of the cyberattack highlights the critical role CDK’s software plays in the automotive retail industry and the importance of robust cybersecurity measures to protect such vital infrastructure.
The cyberattack on CDK Global underscores the growing threat of cybercrime to critical business systems and the significant impact such attacks can have on industries. As companies like Sonic Automotive, Penske Automotive, and Kia America work to mitigate the disruptions, the incident serves as a stark reminder of the need for enhanced cybersecurity protocols and rapid response strategies to safeguard against future attacks. The decision to pay the ransom, as reported by Bloomberg News, reflects the urgent need to restore normal operations and the challenging choices companies face when dealing with sophisticated cybercriminals.