Skip to content

Massive hostage-taking attack on car dealers is largely over after 2 weeks of temporary solutions

    Cars are lined up diagonally at a car dealership.
    Enlarge / Vehicles for sale at an AutoNation Honda dealer in Fremont, California, USA, on Monday, June 24, 2024.

    Getty Images

    After CDK Global, a software-as-a-service provider to more than 15,000 auto dealers, was shut down by “cyber incidents” on June 19 and 20, service technicians and dealers advised their fellow countrymen to prepare for weeks, not days, for the restoration of service.

    That sentiment proved correct, as CDK Global expected “all dealer connections” to be up and running by July 3 or 4, about two weeks from now. Posts on various dealer-related subreddits today suggest that CDK’s core services have been largely, if not fully, restored. The restoration of services is a mixed blessing for some employees, as massive backlogs of paperwork now need to be entered into digital systems.

    Bloomberg reported on June 21 that a ransomware gang, BlackSuit, had demanded “tens of millions of dollars” from CDK and that the company planned to pay that amount, according to a source familiar with the matter. CDK later told its customers on June 25 that the attack was a “cyberransom event” and that restoring services would take “several days, not weeks.” Allan Liska, of analyst Recorded Future, told Bloomberg that BlackSuit was responsible for at least 95 other recorded ransomware breaches around the world.

    Lisa Finney, senior manager of external communications at CDK, told Ars on Monday that the company had no additional information about the attacks, the restoration of service or plans for dealers to prepare for future attacks.

    During the outage, many dealers switched from all-in-one software platforms to pens, paper, Excel sheets, phone calls, and in some cases, alternative on-premise software. Car Dealership Guy collected some of the dealers’ solutions. Repair part numbers, hours, and partial VINs were tracked in Excel. Many dealers took the last contracts they had on hand, blocked out the customer data, and turned them into editable PDFs.

    Many dealers and service managers advocated preparing for the next outage by instituting “no internet days.” Others noted that the measures some dealers were taking, such as using their own phones to contact sales leads, could violate privacy and “Do Not Call” policies.

    Anderson Economic Group, a Michigan-based auto analyst, estimated that the closure of CDK auto dealerships cost more than $600 million in a two-week period. The CDK closure is expected to play a major role in the decline in auto sales in June.