Car sales across the US disrupted after major cyberattack hits dealership provider

According to a report on BleepingComputer, when CDK spotted the attack, it unplugged most of its systems to prevent it from spreading. Two servers were taken offline at 2am local time, and remained offline for most of the day.

Disconnecting the VPN

"We are actively investigating a cyber incident,” the company told BleepingComputer. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”

CDK Global offers a comprehensive suite of software solutions and services designed to help car dealers manage and enhance their operations across various areas, including dealer management systems (DMS), digital marketing, business intelligence and analytics, fixed operations solutions, and cybersecurity. It allegedly has more than 15,000 clients and services 30,000 dealer sites worldwide.

Car dealerships using CDK’s services have to configure an always-on VPN to the company’s data centers, which then allows locally installed applications to access data stored on the servers. The company has now advised its clients to disconnect the VPN, to prevent the attack from spreading to third-party systems as well.

While the nature of the attack has not yet been confirmed, usually when a company is forced to unplug its IT infrastructure it’s due to ransomware. Threat actors lock their victims out of their endpoints, steal sensitive data, and then demand money in exchange for the decryption key and keeping the data private. 

Some fifteen hours after spotting the incident, the company restored CDK Phones, DMS, and Digital Retail services. Unify and DMS logins were also made available, while for other services, restoration is still in progress.

More from TechRadar Pro

• Harnessing AI to mitigate ransomware threats
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now