
CDK Global Faces Prolonged Outage Amid Double Cyber Attack, Crippling 15,000 Car Dealerships

Retail software provider CDK Global is battling a system outage that has left nearly 15,000 car dealerships across North America in operational limbo since Wednesday. The company, which offers software for scheduling and records management, began restoring its services on Saturday but anticipates it will take several days to be fully operational.

“We anticipate that the process will take several days to complete, and in the interim, we are continuing to actively engage with our customers and provide them with alternative ways to conduct business,” a CDK spokesperson said.

The disruption follows two cyber incidents, which the company is still investigating. Bloomberg reported that CDK is negotiating with an Eastern European hacker group demanding tens of millions in ransom. CDK has not confirmed this or responded to requests for comment on the ransom.

Security experts suggest multiple layers of complexity in the attacks. Pieter Arntz, Malware Analyst at Malwarebytes, pointed out, “The most interesting point about the attack on CDK Global is that it was hit a second time while still recovering from the first attack. Restoring systems from a week ago is often not far enough. Attackers can linger on a system for long periods.”

Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, noted the possibility of multiple threat actors: “One thought to consider is if there were multiple threat actors involved, which is often the case. If that was the case here, there often comes a time when one threat actor strikes first and forces the hand of the other.”

Additionally, Thompson highlighted the evolution of ransomware: “One notable advancement is the use of polymorphic malware, which can change its code and structure with each infection instance, complicating detection and response efforts.”

Satnam Narang, Senior Staff Research Engineer at Tenable, emphasized the opportunistic nature of such attacks: “Ransomware affiliates will target all of the fish in the sea in hopes of catching a big one because they know that’s where the biggest payout comes from.”

Dealerships have scrambled to implement temporary solutions, manually processing sales and struggling with registration issues. Ford is working with dealers to set up alternative systems, while CDK continues to advise caution against phishing scams.
