BOOK THIS SPACE FOR AD
ARTICLE ADThe vendor behind the software on which nearly 15,000 car dealerships across the US rely says an ongoing "cyber incident" has forced it to pull systems offline for a second time in as many days.
CDK Global first shut down its systems in the early hours of June 19 and brought key products such as its Dealer Management System (DMS), phone line support, Digital Retail platform, and the Unify portal page, back online later in the day.
In the past few hours, though, the software house has informed dealerships that it shut down core systems again after previously saying it was "confident" the aforementioned products were restored.
That means thousands of dealerships throughout the United States have been left to operate without their usual IT systems, sparking disruption.
The business began notifying dealerships and other stakeholders of a service disruption at around 0200 ET, before updating them again at 0800 ET blaming the problems on a "cyber incident," according to a trade mag Automotive News, which cited various industry sources and missives from CDK.
"We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19," a leaked email from CDK to its customers read.
"Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external third-party experts. At this time, we do not have an estimated time frame for resolution and therefore our dealers' systems will not be available at a minimum on Thursday, June 20.
"We apologize for the inconvenience this has caused. Please know our teams are dedicated to getting you back to business and keeping you there."
The Register has asked CDK Global for more information.
We'd give you good odds on the attack being timed to coincide with the US public holiday Juneteenth – June 19 – to cause maximum disruption. When disclosures mention third-party experts being drafted after an outage, it often signals the potential for ransomware being involved.
CDK Global did not respond to our specific questions about ransomware.
Usually in cases such as these a Form 8-K filed with the SEC would provide more light on the matter but given that CDK was taken private in 2022 following an $8.3 billion acquisition, it's under no obligation to make all the juicy details public via the US financial watchdog.
Weeks or months down the line, we may see filings with state attorneys general, but that doesn't help us a great deal right now.
However, we can look for further details from the various accounts of the situation from nervy IT folks and dealership workers taking to social media.
Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise NHS boss says Scottish trust wouldn't give cyberattackers what they wanted Blackbaud has to cough up a few million dollars more over 2020 ransomware attackWe've seen dealership workers disgruntled at being forced to attend work, just in case their systems come back online in time to get some business done. Others seemed less fazed, making the best of a bad situation.
As of today and following the most recent development, some dealerships are preparing for systems to be down all weekend, according to one Reddit post, while others are simply cracking on with the old-fashioned pen-and-paper methods. ®