Major Cyberattack Hits CDK Global, Disrupting Operations for Thousands of Car Dealerships
ICARO Media Group
In a shocking turn of events, car dealership software-as-a-service provider CDK Global has fallen victim to a massive cyberattack that has forced the company to shut down its systems. As a result, over 15,000 car dealerships in North America relying on CDK Global's platform are now unable to operate their businesses normally.
CDK Global offers a comprehensive SaaS platform that handles various aspects of car dealership operations, including CRM, financing, payroll, support and service, inventory, and back-office operations. Used by thousands of car dealerships and boasting a vast employee base, CDK Global plays a crucial role in the functioning of the auto industry.
The cyberattack, which began last night and continued into the morning, prompted CDK Global to take its two data centers offline around 2 AM. The company made the decision to shut down its IT systems, phones, and applications as a precautionary measure to prevent the spread of the attack.
While CDK Global has not shared extensive details about the incident, a warning email sent to employees acknowledged the cyber incident and mentioned that most of the systems had been shut down. The company is currently evaluating the extent of the impact and cannot yet provide an estimated time for resolution.
There are concerns among CDK Global clients that threat actors could exploit the always-on VPN connection to gain unauthorized access to the internal networks of car dealerships. As a result, CDK advised dealerships to disconnect the VPN to mitigate potential risks. The administrative privileges granted to CDK software running on devices, particularly for deploying updates, may have been a factor in this recommendation.
The outage has resulted in significant disruptions for the car dealerships relying on CDK Global's platform. Orders for car parts, tracking and new sales, as well as financing operations, have been severely affected. Employees have reported having nothing to do or resorting to traditional paper and pencil methods. Some dealerships have been forced to send their employees home for the day due to the outages.
While no official statement has been released by CDK Global, there are rumors suggesting that the cyberattack was a ransomware incident that may have also impacted the company's backups. The veracity of these rumors remains unconfirmed, but if ransomware is indeed involved, the outages could last for several days, extending into next week and beyond.
During ransomware attacks on corporate networks, threat actors typically infiltrate additional devices while stealing sensitive data. Once all the data has been stolen and administrative privileges have been obtained, the attackers encrypt all the devices on the network. Ransom notes are then left with instructions on how to contact the hackers for ransom payment. Negotiations can take weeks, and failure to pay the ransom may result in the leak of corporate data, including personal information of employees and customers.
Update 6/19/24: CDK Global has released a statement to BleepingComputer, acknowledging the cyber incident and emphasizing their active investigation. While most systems remain shut down, the company is diligently working to restore operations as quickly as possible, prioritizing the concerns and needs of their customers.
The aftermath of this cyberattack serves as a stark reminder of the increasing threats posed by cybercriminals and the far-reaching consequences they can have on businesses and individuals alike.