Car dealer software provider CDK has allegedly suffered a second cyberattack – as it was trying to recuperate from the first one.
As a result of this follow-up attack, the company was forced to turn most of its services back offline and now says it doesn’t know how long it will take for it to restore the system.
In the meantime, many major car dealerships in the United States have been paralyzed, not being able to sell or service vehicles properly. They are operating manually, with pen and paper, and are only able to work on basic things.
No deadline
CDK Global recently reported suffering a cyberattack, which forced it to shut parts of its infrastructure down. Less than 24 hours later, it started to bring some services back online, including CDK Phones, DMS, and Digital Retail services. Unify and DMS logins were also made available, soon after.
However, it seems to company got ahead of itself a little bit, as restoring the services resulted in a secondary attack:
“We are sorry to inform you that we experienced an additional cyber incident late in the evening on June 19th,” reads a CDK notification seen by BleepingComputer.
“Out of continued caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external 3rd party experts.” While, at the time, the company aimed for Friday to restore its systems, it later said it didn’t have an ETA:
“At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days,” the company said.
There is currently no indication that it was a ransomware attack, or if any data was stolen. However, given the disruption caused, it’s quite possible.