CDK Global is now calling the cyberattack that took down its software platform for its auto dealership clients “a ransom event.”
In a note to clients Saturday, CDK for the first time acknowledged that the hackers that made its dealer management system, or DMS, unavailable to clients for days, are demanding a ransom to restore its systems.
“Thank you for your patience as we recover from the cyber ransom event that occurred on June 19th,” CDK said in a memo to clients on Saturday, according to a copy of the email obtained by CBS MoneyWatch.
CDK added in the note that it has started restoring its systems and expects the process of bringing major applications back online “to take several days and not weeks.”
Beware of phishing
In its memo, the company also warned car dealerships to be alert to phishing scams, or entities posing as CDK but who are in fact bad actors trying to obtain proprietary information like customers’ passwords.
A CDK spokesperson told CBS MoneyWatch that it is providing customers “with alternate ways to conduct business” while its systems remain inoperative.
The group behind the CDK ransomware attack is demanding tens of millions of dollars in ransom, Bloomberg reported Friday. CDK is planning to make the payment, according to the Bloomberg story, which cited a person familiar with the matter. The hacking group is believed to be based in Eastern Europe.
CDK has not disclosed the name of the group behind the attack which has crippled car dealerships across the U.S. since last week.
“Doing everything manually”
The hack has left some car dealers unable to do business altogether, while others report using pen and paper, and even “sticky notes” to record transactions.
Tom Maoli, owner of Celebrity Motor Car Company, which operates five luxury car dealerships across New York and New Jersey, on Monday told CBS MoneyWatch his employees “are doing everything manually.”
“We are trying to keep our customers happy and the biggest issue is the banking side of things, which is completely backed up. We can’t fund deals,” he said.
Ransomware attacks are on the rise. In 2023, more than 2,200 entities, including U.S. hospitals, schools and governments were directly impacted by ransomware, according to Emisoft, an anti-malware software company. Additionally, thousands of private sector companies were targeted. Some experts believe that the only way to stop such attacks is to ban the payment of ransoms, which Emisoft said would lead bad actors to “quickly pivot and move from high impact encryption-based attacks to other less disruptive forms of cybercrime.”
Earlier this year, the U.S. Department of State offered $10 million in exchange for the identities of leaders of the Hive ransomware gang, which since 2021 has been responsible for attacks on more than 1,500 institutions in over 80 countries, resulting in the theft of more than $100 million.
