Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Car sales across the US disrupted after major cyberattack hits dealership provider

Ransomware.

CDK, a company that provides software-as-a-service for car dealerships, has suffered a major cyberattack forcing it to shut down most of its systems. 

As a result, the companies using CDK’s services were unable to conduct most of their business and were pushed back to pen and paper for whatever little work they could do.

According to a report on BleepingComputer, when CDK spotted the attack, it unplugged most of its systems to prevent it from spreading. Two servers were taken offline at 2am local time, and remained offline for most of the day.

Disconnecting the VPN

"We are actively investigating a cyber incident,” the company told BleepingComputer. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”

CDK Global offers a comprehensive suite of software solutions and services designed to help car dealers manage and enhance their operations across various areas, including dealer management systems (DMS), digital marketing, business intelligence and analytics, fixed operations solutions, and cybersecurity. It allegedly has more than 15,000 clients and services 30,000 dealer sites worldwide.

Car dealerships using CDK’s services have to configure an always-on VPN to the company’s data centers, which then allows locally installed applications to access data stored on the servers. The company has now advised its clients to disconnect the VPN, to prevent the attack from spreading to third-party systems as well.

While the nature of the attack has not yet been confirmed, usually when a company is forced to unplug its IT infrastructure it’s due to ransomware. Threat actors lock their victims out of their endpoints, steal sensitive data, and then demand money in exchange for the decryption key and keeping the data private. 

Some fifteen hours after spotting the incident, the company restored CDK Phones, DMS, and Digital Retail services. Unify and DMS logins were also made available, while for other services, restoration is still in progress.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.