Car dealerships across North America are facing ongoing disruptions as software provider CDK Global grapples with the aftermath of a cyberattack Wednesday. The company began restoring its systems Sunday, but the process is expected to take “several days,” reported Bloomberg citing a company statement.

“We are continuing to actively engage with our customers and provide them with alternate ways to conduct business,” CDK said in the statement.

The incident began last Wednesday when CDK shut down all its systems in response to what it described as a “cyber incident,” that impacted over 15,000 car dealerships across North America.

“Out of caution and concern for our customers, we have shut down a majority of our systems. We are currently assessing the overall impact and currently have no ETA,” a CDK statement on Wednesday said.

Despite initial attempts to restore services, a secondary cyber incident on Wednesday evening caused further disruptions, necessitating another shutdown.

CDK’s core dealer management system and digital retailing solutions were briefly restored during the day but had to be taken offline again due to the new incident.

CDK Global, which provides critical software to car dealerships, including sales platforms and dealer management systems, has left thousands of dealerships largely paralyzed.

US auto retailers Sonic Automotive and Penske Automotive reported significant operational disruptions due to CDK’s ongoing outage, Bloomberg said.

A query to CDK remained unanswered.

Hacker demands millions in ransom

The cyberattack has been linked to a group of hackers demanding millions of dollars in ransom to cease their activities, reported Bloomberg. Citing a person familiar with the development, the report said that CDK “intends to pay” the ransom.

This aspect of the incident highlights the increasing threat of ransomware attacks, where hackers lock access to critical systems and demand payment for their release.

CDK, acquired by investment firm Brookfield Business Partners for $6.41 billion in April 2022, has been working with third-party experts to assess the impact of the cyberattack and provide regular updates to affected customers, the report said.

The company emphasized its commitment to reinstating services and supporting dealers through this challenging period.

“In partnership with third-party experts, we are assessing the impact and providing regular updates to our customers. We remain vigilant in our efforts to reinstate our services and get our dealers back to business as usual as quickly as possible,” Bloomberg reported citing a CDK spokeswoman.

This incident underscores the critical need for robust cybersecurity measures to protect essential business operations. It also highlights the potential vulnerabilities in interconnected systems that can be exploited by malicious actors.

“In light of the recent CDK Global cyber incident, it’s clear that a structured approach to understanding the risks, controls, and mitigation strategies for cloud applications and services is essential,” DR Goyal, senior architect at Rakuten Symphony India said.

“Companies must have a well-defined cloud architecture approach that aligns with business needs and risks. Cloud security architecture should be strategic and realistic, covering endpoints, networks, IaaS, PaaS, and SaaS. Additionally, having a dynamic toolset to meet unique customer requirements on the cloud is crucial. A well-defined incident response strategy is also necessary to effectively overcome incidents like this.”