CDK Says Restoration Nearly Complete ‘Ahead Of Schedule’

Two weeks after it was struck by a ransomware attack, the software maker says that ‘substantially all’ of the car dealerships it serves are back online.

CDK Global said Tuesday that “substantially all” of the car dealerships it serves are back online, two weeks after the software maker was struck by a crippling ransomware attack.

In a recorded message for customers heard Tuesday, the company indicated that it expects to soon complete the restoration process for the thousands of dealerships who use its platform, saying most are already reconnected on its Dealer Management System (DMS).

“We are happy to report that we are ahead of the anticipated schedule and as of now substantially all dealer connections are live on the core DMS,” the company said in the recorded message.

Just a day ago, Austin, Texas-based CDK had disclosed it might take until late Wednesday at the earliest to get all dealerships reconnected onto its Dealer Management System (DMS).

That’s perhaps cold comfort for the 15,000 car dealerships that have struggled with disruptions since the back-to-back cyberattacks struck CDK on June 18 and 19, leading the company to shut down its systems.

Additionally, CDK said in the recorded message Tuesday that the rollout process for its Elead CRM will start Thursday.

CRN has reached out to CDK for further comment.

CDK provides SaaS-based CRM, payroll, finance and other key functions for car dealerships, leading to widely felt disruption in the wake of the attacks.

While CDK was working to recover from the first attack on June 18, the company said it was struck by a second attack the following day.

“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems,” CDK said in a previous statement provided to CRN. The system shutdown resulted in an outage that has severely affected thousands of car dealerships.

CDK has declined to comment on media reports indicating that the company was planning to make a ransom payment, purportedly worth tens of millions of dollars, with the goal of recovering its systems more quickly.

A forecast issued last week by J.D. Power and GlobalData, meanwhile, indicated that total new-vehicle sales for June were expected to drop by as much as 7.2 percent from the same month a year earlier, in the wake of the CDK disruptions. A “significant number of sales” are likely to be pushed out to July, the forecast suggested.

Disruptive Attacks

Following on the heels of ransomware attacks against prescription processor Change Healthcare and health system Ascension—both of which had massive impacts beyond the companies themselves—the CDK attack has added to questions about whether threat actors are now intentionally aiming to maximize societal disruption.

It’s generally difficult to assess what the attackers’ intentions were in incidents such as these, according to Mark Lance, vice president for DFIR and threat intelligence at GuidePoint Security, No. 39 on CRN’s Solution Provider 500 for 2024. When it comes to ransomware groups, “a lot of times, they might not even recognize the level of impact indirectly [an attack] is going to have on downstream providers or services,” Lance said.

Still, he said, it can’t be entirely ruled out that attackers “might be using that as an opportunity to leverage [the disruption] and make sure they get paid.”