Updated 10:30 A.M. June 22:

CDK Global is reportedly negotiating with Eastern European hackers who forced the company to shut down services to auto dealers across the U.S.

According to Bloomberg’s report, CDK intends to pay the ransom—reportedly costing tens of millions of dollars—to restore its cloud-based software to dealerships in the country that helps dealerships manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance. The company has stated it is aware of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers and urged employers to be cautious of any attempted phishing.

CDK, based just outside of Chicago in Hoffman Estates, IL, has not made any public comments since shutting down their services on Thursday, June 20, after a second attack. Dealers affected are operating manually, with pen and paper, and are only able to work on basic things.

U.S. auto retailers Sonic Automotive and Penske Automotive flagged a hit to their operations on Friday, as CDK experienced a third consecutive day of outage.

Previous story:

CDK Global reportedly had to shut down its dealership management system for a second day after experiencing another “cyber incident.”

CDK Global, whose software is used at 15,000 auto dealers, was first attached on June 19 that hampered operations Wednesday at U.S and Canada dealerships, company officials confirmed.

As of 3 p.m. June 20, CDK says the outage will likely last for “several days” in a to dealers obtained by Automotive News.

“We are actively investigating a cyber incident,” CDK spokesperson Lisa Finney said in a statement published by CNN after the first attack. “Out of an abundance of caution and concern for our customers, we have shut down most of our systems and are working diligently to get everything up and running as quickly as possible.”

CDK System Attack

CDK’s systems first went down around 2:00 a.m. EDT (June 19). The company was able to restore some functions began to come back online by Wednesday afternoon. But its systems were attacked again before the business day started on Thursday, June 20, Automotive News reported.

The incident follows a cyberattack against Findlay Automotive Group last week. The automotive group—which operates in five states—said the attack restricted its ability to conduct sales and service.

“Promptly after becoming aware of the issue, we launched an investigation with the assistance of leading cybersecurity experts and law enforcement. Our investigation is ongoing, and we are working diligently to resolve the matter,” the company said in a Facebook posting.

Why Target Auto Dealer Industry

One of the leading providers of cloud-based software to dealerships in the country, CDK’s software helps dealerships manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance.

In a 2023 report, CDK said that 17 percent of 175 dealerships that it surveyed experienced a cyberattack in that past year.

Dealerships are an attractive target for cyber attacks because of the sensitive customer data they hold, from credit applications to customer financial information that hackers seek.

This is a developing story….