Since the discovery of a breach on June 19, chaos has erupted at approximately 15,000 car dealerships across North America that rely on CDK Global, a software provider for the automotive industry. Reports indicate that a group claiming responsibility for hacking CDK Global has demanded tens of millions of dollars in ransom. Anonymous sources state that CDK is considering making the payment to the hacking group, which is believed to be based in eastern Europe.

The immediate aftermath of the ransomware attack has left many car dealerships in disarray. CDK's core product, a dealership management system (DMS), serves as a vital tool for auto retailers' day-to-day operations. The outage has severely impacted sales, repairs, and deliveries in an industry that generated over $1.2 trillion in US sales last year. The disruptions are especially problematic during an end-of-quarter sales push.

Diana Lee, CEO of Constellation, a marketing agency working with numerous auto dealerships, describes the situation as "mass chaos." She emphasizes how the DMS system is essential for various dealership functionalities, from sales and service to managing parts and stocking vehicles.

CDK briefly restored some services on June 19 but was subsequently forced to deactivate them due to another cyberattack. The company's warning to dealers indicates that system availability may not be restored for several days, exacerbating the already challenging situation.

The demand for tens of millions of dollars in ransom follows a pattern seen in recent cyberattacks, with hackers targeting high-profile organizations. In one case, hackers sought $50 million from a lab services company causing disruptions in London hospitals. Earlier this year, UnitedHealth Group Inc., the largest medical insurer in the US, confirmed paying hackers a $22 million extortion fee.

CDK has yet to disclose the identity of the individual or group behind the breach. In response to unauthorized parties attempting to exploit the situation, the company issued a warning to customers, urging them to only respond to official CDK communication and employees.

Consolidation within the Dealership Management System (DMS) industry has left dealerships with limited options, making them highly dependent on CDK's services. These services include financing and insurance arrangements, inventory management, and facilitating sales and repairs.

Sonic Automotive Inc., a car dealer heavily reliant on CDK's support for critical operations, admitted that the cyberattack's disruptions will likely have a negative impact on its operations until full system recovery. While the financial impact remains unknown, Sonic has implemented temporary solutions to minimize disruption and reopened all its dealerships.

The fallout from the cyberattack affected CDK's parent company, Brookfield Business Partners LP, with shares experiencing a considerable decline on Thursday – a drop of 5.7%. The decline has continued into Friday, impacting dealer groups such as AutoNation Inc., Group 1 Automotive Inc., and Sonic Automotive Inc., causing their shares to slump as well.

As investigations continue, CDK Global and affected dealerships are working tirelessly to restore normal operations and mitigate the impact of the cyberattack.