A group that claims to have hacked Global CDKthe software supplier to thousands of car dealerships in North America, demanded tens of millions of dollars in ransom, according to a person familiar with the matter.
CDK plans to make the payment, said the person, who asked not to be identified because the information is confidential. The hacker group behind the attack is believed to be based in Eastern Europe, the source said. In the early days of a ransomware attack, discussions are fluid and the situation could change.
CDK did not respond to multiple requests for comment Friday.
Since CDK discovered the flaw and shut down the systems on June 19, chaos ensued at many of the approximately 15,000 auto dealerships that are among its customers. CDK’s core product – a suite of software tools called a Dealership Management System, or DMS – underpins virtually every element of auto retailers’ daily operations. The outage therefore hampered sales, interrupted repairs and delayed deliveries in a sector which exceeded $1.2 trillion in sales in the United States last year. The disruptions also come amid an end-of-quarter sales surge.
“It’s just mass chaos at this point,” Diana Lee, chief executive of Constellation, a marketing agency that works with auto dealerships across the United States, said on Bloomberg Television. “The dealership really has to run a DMS for sales, service, parts, for every feature – even to stock a vehicle, you can’t do that without the DMS system. So it’s a disaster. »
CDK had briefly restored some services for a few hours on June 19, but was forced to disable them following a second cyberattack. On Thursday, the company warned dealers that their systems would likely not be available for several days.
Demand for tens of millions of dollars comes after hackers sought $50 million of a laboratory services company at the center of an ongoing ransomware attack that has caused outages at London hospitals. UnitedHealth Group Inc., the largest medical insurer in the United States, acknowledged earlier this year it paid the hackers extortion charges of $22 million.
CDK did not specify who or what entity was behind the intrusion, but issued a warning to customers Thursday evening, saying outside parties were contacting customers, trying to take advantage of the confusion.
“We are aware that bad actors are contacting our customers, posing as members or affiliates of CDK, trying to gain access to the system,” the company said. “CDK associates do not contact customers to gain access to their environment or systems. Please only respond to employees and communications known to CDK.
There are only a handful of DMS companies for dealers to choose from after decades of consolidation in this sector of the auto retail industry. As a result, thousands of stores rely heavily on CDK’s services to arrange financing and insurance, manage vehicle and parts inventory, and complete sales and repairs.
The car dealership Sonic Automobile Inc., which uses CDK to support critical dealership operations, said disruptions caused by the cyberattack are likely to have a “negative impact” on its operations until its systems have recovered, according to a filing filed Friday. Sonic has not determined whether the attack will have a material impact on its finances and has reopened all of its dealerships with workarounds to limit disruption, the company said.
The parent of CDK, Brookfield Business Partners LP had its worst trading day since October – plunging 5.7% on Thursday – and extended its decline on Friday. Actions in dealer groups AutoNation Inc., Group 1 Automotive Inc. and Sonic Automotive Inc. also fell.
