A group that claims to have hacked CDK Global, a software provider to thousands of North American car dealerships, has demanded tens of millions of dollars in ransom, according to a person familiar with the matter.
CDK plans to make the payment, said the person, who asked not to be identified because the information is confidential. The gang that carried out the attack is believed to be based in eastern Europe, the person said. In the early days of any ransomware attack, negotiations are fluid, and the situation can change.
CDK did not respond to multiple requests for comment on Friday.
Since CDK discovered the breach and shut down the systems on June 19, chaos has erupted at many of the 15,000 car dealerships that count as customers. CDK’s core product – a series of software tools referred to as a sales management system, or DMS – supports almost everything in the daily business of car dealerships. The outages have therefore hampered sales, hampered repairs and delayed deliveries across an industry that accounted for $1.2 trillion in US sales last year. Disruptions also hit during the end-of-quarter sales push.
“It’s still a bit of a mess right now,” Diana Lee, chief executive of Constellation, a marketing agency that works with auto dealers across the US, told Bloomberg Television. “A dealer is required to use DMS for sales, service, parts, for every single operation – even putting a car in stock, you can’t do it without a DMS system. So it’s a disaster.”
CDK had briefly restored some services for a few hours on June 19, but was forced to disable them following a second cyberattack. On Thursday, the company warned sellers that their plans may not be available for several days.
The demand in the tens of millions of dollars comes after hackers demanded $50 million from a lab services company at the center of an ongoing ransomware attack that has disrupted London hospitals. UnitedHealth Group Inc., the largest medical insurer in the US, admitted earlier this year that it paid hackers $22 million in fraud.
CDK did not say who or what organization was responsible for the intrusion, but issued a warning to customers Thursday evening, saying that outside groups are reaching out to customers, trying to take advantage of the confusion.
“We know that bad actors are contacting our customers, posing as members or partners of CDK, trying to gain access to the system,” the company said. “CDK partners do not contact customers to find out about their environment or plans. Please only respond to recognized CDK staff and communications.”
There are only a few DMS companies for dealers to choose from after decades of consolidation in this area of the automotive industry. As a result, thousands of dealerships rely heavily on CDK’s services to arrange financing and insurance, manage vehicle and parts inventory, and complete sales and repairs.
Auto dealer Sonic Automotive Inc., which uses CDK to fund key sales operations, said the disruption caused by the cyberattack could have a “negative impact” on its operations until its systems recover, according to a Friday filing. Sonic has not yet determined whether the attack will have a material financial impact, and has reopened all retail locations with solutions to mitigate the disruption, the company said.
CDK’s parent, Brookfield Business Partners LP, had its worst trading day since October – down 5.7% on Thursday – and extended its decline on Friday. Shares in dealer groups AutoNation Inc., Group 1 Automotive Inc. and Sonic Automotive Inc. they also went down.
Source link
