Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds
2024-07-08
Cyber Attacks Cripple Car Dealerships: The Costly Aftermath of CDK Global's Ransomware Breach
The recent "cyber incidents" that took down CDK Global, a leading software-as-a-service provider for over 15,000 car dealerships, have left the automotive industry reeling. As service tech workers and dealers grappled with the aftermath, the restoration of services proved to be a mixed blessing, with massive backlogs of paperwork now needing to be entered into digital systems.
Restoring Normalcy Amidst the Chaos
The Ransomware Attack and Its Aftermath
On June 19 and 20, "cyber incidents" crippled CDK Global, a software-as-a-service vendor serving over 15,000 car dealerships. Forum and Reddit comments from service tech workers and dealers warned that the restoration of services would take weeks, not days. This sentiment proved accurate, as CDK Global initially expected to have "all dealers' connections" working by either July 3 or 4, roughly two weeks after the initial attack.According to Bloomberg, a ransomware gang known as BlackSuit had demanded "tens of millions of dollars" from CDK Global, and the company was planning to pay that amount. CDK later informed its clients that the attack was a "cyber ransom event" and that restoring services would take "several days and not weeks." However, the restoration process was far from smooth, with dealers and service managers facing a massive backlog of paperwork that needed to be entered into digital systems.
Dealerships Adapt to the Outage
During the CDK Global outage, many dealerships were forced to pivot from their all-in-one software platforms to more traditional methods, such as using pens, paper, Excel sheets, phone calls, and in some cases, alternative local software. Car Dealership Guy rounded up some of the work-arounds employed by these dealerships, including tracking repair part numbers, hours, and partial VIN numbers in Excel, as well as creating editable PDFs from the last contracts they had on hand.The outage also prompted some dealers and service managers to advocate for preparing for the next potential outage by implementing "no Internet days." However, others noted that some of the steps taken by dealerships, such as using their own phones for contacting sales leads, could potentially run afoul of privacy and "Do not call" provisions.
The Financial Impact on the Automotive Industry
The CDK Global outage had a significant financial impact on the automotive industry. Anderson Economic Group, a Michigan-based auto analyst, estimated that the shutdown cost auto dealers more than 0 million over a two-week period. The outage is also expected to play a large part in a June car sales slump, further exacerbating the financial strain on dealerships.
Lessons Learned and Preparing for the Future
The CDK Global ransomware attack has highlighted the vulnerability of the automotive industry to cyber threats. As dealerships work to restore normalcy, it is clear that they must prioritize cybersecurity measures and develop robust contingency plans to mitigate the impact of future outages.The experience has also underscored the importance of diversifying software solutions and maintaining backup systems to ensure business continuity. Dealerships must also review their data management practices and ensure compliance with privacy regulations to avoid potential legal issues.Moving forward, the automotive industry must collaborate with software providers, cybersecurity experts, and regulatory bodies to develop comprehensive strategies to protect against and respond to cyber incidents. By learning from this experience, dealerships can better safeguard their operations and maintain the trust of their customers in the face of evolving digital threats.