A group claiming to have hacked CDK Global, a software provider for thousands of North American car dealerships, has demanded tens of millions of dollars in ransom, according to a person familiar with the matter.
CDK plans to repay the amount, said the person, who asked to remain anonymous because the information is private. The source said that it is believed that the hacking group behind the attack is based in Eastern Europe. In the early days of any ransomware attack, discussions are fluid, and the situation may change.
CDK did not respond to multiple requests for comment Friday.
Since CDK discovered the hack and shut down the systems June 19Many of the approximately 15,000 car dealerships that count as customers have been left in chaos. CDK's core product—a set of software tools referred to as a dealer management system, or DMS—supports nearly every element of auto retailers' daily business. So, outages crippled sales, halted repairs, and delayed deliveries across the industry topping the list $1.2 trillion in US sales last year. Disruptions are also occurring amid increased sales at the end of the quarter.
“It's just complete chaos at this point,” Diana Lee, CEO of Constellation, a marketing agency that works with car dealerships across the United States, told Bloomberg Television. “The dealer is required to actually run the DMS for sales, service and parts for every single job – even storing the car, you can't do that without a DMS. So it's a disaster.”
CDK briefly restored some services for a few hours on June 19, but was forced to deactivate them after a second cyberattack. On Thursday, the company warned traders that their systems will likely be unavailable Several days.
The demand comes in tens of millions of dollars after the hackers He sought $50 million A laboratory services company is under ongoing ransomware attack, causing service outages in London hospitals. UnitedHealth Group Inc., the largest U.S. medical insurer, admitted earlier this year You paid the pirates $22 million extortion charges.
CDK did not say who or entity was behind the intrusion, but it issued a warning to customers Thursday evening, saying third parties were reaching out to customers, trying to capitalize on the confusion.
“We are aware that bad actors are contacting our customers, posing as CDK members or affiliates, and attempting to gain access to the system,” the company said. “CDK Partners do not contact customers to gain access to their environment or systems. Please only respond to CDK employees and known contacts.
There are only a few DMS companies that dealers can choose from after decades of consolidation in this corner of the auto retail industry. As a result, thousands of stores rely heavily on CDK's services to arrange financing and insurance, manage vehicle and parts inventory, and complete sales and repairs.
Auto dealer Sonic Automotive Inc., which is using CDK to support critical sales, said disruptions from the cyberattack would likely have a “negative impact” on its operations until its systems recover, according to a filing Friday. Sonic has not determined whether the attack will have a material impact on its finances, and it has reopened all of its dealerships with workarounds to limit disruption, the company said.
CDK's parent company, Brookfield Business Partners LP, had its worst trading day since October — falling 5.7% on Thursday — and extended its decline on Friday. Shares of dealer group AutoNation Inc also fell. and Group 1 Automotive Inc. and Sonic Automotive Inc.