CDK Global Prepares to Pay Millions After Cyberattacks
Published On: June 23, 2024
- CDK Global experienced a major cyberattack, causing extensive disruptions for over 15,000 car dealerships across North America
- The attack forced CDK to shut down their systems and data centers, leading to significant operational challenges for dealerships
- CDK Global's response suggests a potential ransomware attack, highlighting the need for cybersecurity measures in the automotive industry
CDK Global, a leading provider of software solutions for car dealerships, experienced a significant cyberattack on June 19, 2024, leading to widespread disruptions across North America. The company, which supports over 15,000 dealerships, was forced to shut down their systems, phones, and applications to prevent the spread of the latest attack. This has resulted in significant operational challenges for car dealerships relying on CDK's software for sales, inventory management, financing, and other critical functions.
Although CDK Global has not confirmed the specific nature of the attack, the company's response indicates that it may involve ransomware. Ransomware attacks often encrypt data and demand a ransom for its decryption. Such attacks can lead to extended downtimes as companies negotiate with attackers and attempt to restore systems from backups.
The attacking group is reportedly based in Eastern Europe and has demanded a substantial extortion fee. As of June 21, 2024, CDK Global is preparing to pay millions of dollars to resolve the situation. In the wake of the attack, numerous reports of car dealers receiving phishing attempts have surfaced, further complicating recovery efforts.
The attack prompted CDK Global to take their two main data centers offline. Brad Holton, CEO of Proton Dealership IT, noted that CDK advised their clients to disconnect their always-on VPNs from the data centers as a precaution. This step was crucial to prevent the potential lateral movement of the attackers within the network, a common tactic in ransomware incidents.
Employees at various dealerships reported being unable to perform routine tasks, forcing many to resort to manual processes. The disruption has been particularly impactful during the busy car buying season, affecting sales, service operations, and overall customer service.
In a statement, CDK Global emphasized their commitment to resolving the issue swiftly and safely: "We are actively investigating a cyber incident. Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible."
The broader implications of this attack underscore the vulnerabilities within the automotive industry's digital infrastructure. As dealerships increasingly rely on digital systems for daily operations, the need for robust cybersecurity measures becomes ever more critical. This incident is a stark reminder of the potential risks and disruptions that cyber threats pose to businesses dependent on interconnected systems.
CDK Global's efforts to restore functionality are ongoing, with no clear timeline for when full services will be resumed. Meanwhile, dealerships continue to grapple with the fallout, adapting their operations to mitigate the impact on their businesses and customers.