Car dealership software provider CDK has reportedly suffered a second cyberattack as it tried to recover from the first.
As a result of this follow-up attack, the company was forced to take most of its services offline again and now says it does not know how long it will take before it restores the system.
In the meantime, many major car dealers in the United States have been paralyzed because they cannot properly sell or service their vehicles. They work manually, with pen and paper, and can only work on basic matters.
No deadline
CDK Global recently reported that it had been hit by a cyber attack, forcing it to shut down parts of its infrastructure. Less than 24 hours later, it began bringing a number of services back online, including CDK Phones, DMS and Digital Retail services. Shortly afterwards, Unify and DMS logins were also made available.
However, it seems like the company has gotten ahead of itself a bit, as restoring services resulted in a secondary attack:
“We regret to inform you that we experienced an additional cyber incident late in the evening of June 19,” reads a CDK notification seen by BleepingComputer.
“Out of an ongoing abundance of caution and to protect our customers, we are once again proactively shutting down most of our systems. We are currently assessing the overall impact and consulting with external third-party experts.” Although the company was aiming for Friday to restore its systems at the time, it later said it had no ETA:
“At this time we do not have an estimated time frame for resolution and therefore our dealer systems will likely be unavailable for several days,” the company said.
There is currently no indication that this is a ransomware attack or that any data has been stolen. However, given the disruption caused, it is entirely possible.