close
close

Massive ransomware attack on car dealers largely over after 2 weeks of evasion attempts

Cars lined up in a row, pictured obliquely, at a car dealership.
Enlarge / Vehicles for sale at an AutoNation Honda dealership in Fremont, California, USA, on Monday, June 24, 2024.

Getty Images

After “cyber incidents” on June 19 and 20 brought down CDK Global, a software-as-a-service provider for more than 15,000 car dealerships, service technicians and dealers advised their fellow Americans in forum and Reddit comments to prepare for weeks, not days, until service is restored.

That assessment has proven correct, as CDK Global last estimated that “all merchant connections” would be back up and running by July 3 or 4, roughly two weeks from now. Posts in various merchant-related subreddits today suggest that CDK’s core services are mostly, if not fully, back up. For some employees, restoring services is a double-edged sword, with huge backlogs of paperwork now having to be entered into digital systems.

Bloomberg reported on June 21 that a ransomware gang called BlackSuit had demanded “tens of millions of dollars” from CDK and that the company planned to pay that amount, according to a source familiar with the matter. Later on June 25, CDK told its customers that the attack was a “cyber ransomware event” and that restoring services would take “several days, not weeks.” Allan Liska of analyst Recorded Future told Bloomberg that BlackSuit was responsible for at least 95 other recorded ransomware attacks worldwide.

Lisa Finney, senior manager of external communications at CDK, told Ars on Monday that the company could not provide further information about the attacks, the restoration of service or merchants’ plans to prepare for future attacks.

During the outage, many dealers went from all-in-one software platforms to pens, paper, Excel spreadsheets, phone calls, and in some cases, alternative on-premises software. Car Dealership Guy summarized some of the workarounds dealers used. Repair part numbers, hours, and VIN parts were tracked in Excel. Many dealers grabbed the last contracts they had on hand, deleted the customer information, and created editable PDFs from them.

Many dealers and service managers advocated preparing for the next outage with “internet-free days.” Others pointed out that measures some dealers were taking, such as using their own phones to contact prospective customers, could violate privacy and “do not call” regulations.

Anderson Economic Group, a Michigan-based auto analyst, estimated that CDK’s closure cost auto dealers more than $600 million in two weeks. CDK’s failure is expected to play a major role in a slump in auto sales in June.