Back to Paper and Pen? A Growing Trend in Ransomware Disrupting Operations Across the Automotive Ecosystem

ELAD ROBB

Director of Cyber Threat Intelligence

June 25, 2024

In a troubling turn of events, a key player in the automotive retail technology sector has fallen victim to a ransomware attack. The attack, allegedly attributed to a well-known ransomware group, resulted in significant disruptions, impacting over 15,000 automotive dealership locations and their operations across North America. This incident not only underscores the vulnerabilities within critical supply chains but also draws alarming parallels to a previous ransomware attack on a company integral to global fleet management and asset tracking.

US dealership software provider suffers a massive ransomware attack

In mid-June 2024, a US SaaS provider for car dealerships, renowned for providing integrated data and technology solutions to automotive retailers, experienced an outage caused by a ransomware attack. The breach disrupted various services, causing operational delays for dealerships that rely on the company’s software for their day-to-day operations and forcing a return to manual processes. As reported by Bloomberg News, the ransom demand was $10 million. However, rumors on X (Twitter) reported the demand was raised to $50 million.

This attack also demonstrates the impact on OEMs and the extended risk landscape. Dealership downtime is likely to result in postponed deliveries and in limited visibility into warranty and repairs as well as required parts. Furthermore, as OEM backend systems are closely connected to dealership systems, primarily via APIs, this attack may also compromise OEMs directly.

While the company is reported to be working diligently to restore services and mitigate the damage, this incident highlights the severe impact that cyber attacks can have across the automotive industry’s value chain.

US telematics IoT vendor was also recently hit by operational disruption due to a ransom attack

The June 2024 attack comes not long after a similar ransomware incident involving a US telematics IoT vendor. In September 2023, a company that offers driver logging and inventory management solutions for commercial fleets faced a debilitating ransomware attack. This breach caused substantial outages, affecting fleet management and asset tracking for numerous trucking companies. The attack disrupted logistics and supply chains, demonstrating the far-reaching consequences of such cyber threats.

Connecting the dots: the automotive ecosystem is a prime target for large-scale attacks

These two ransom attacks reveal a disturbing trend where cybercriminals target crucial nodes in the supply chain. These incidents highlight several key issues:

  1. Vulnerability of critical infrastructure: both victims provide essential services to their respective industries. The disruption caused by these attacks underscores the vulnerability of critical infrastructure and the cascading effects on dependent businesses.
  2. Increased sophistication of ransomware attacks: the use of sophisticated ransomware indicates that cybercriminals are becoming more adept at exploiting weaknesses in cybersecurity defenses, causing widespread operational disruptions.
  3. Need for robust cybersecurity resilience: these incidents stress the importance of robust cybersecurity measures and incident response plans. Companies must prioritize cybersecurity to protect their systems and ensure business continuity.

These recent ransomware attacks serve as stark reminders of the growing cybersecurity threats facing industries today. Upstream’s cyber threat intelligence team constantly monitors malicious actors and ransom groups, including the group that recently targeted the dealership software company. As cybercriminals continue to target key supply chain entities, it is imperative for companies to enhance their cybersecurity posture, invest in advanced security solutions, and foster a culture of vigilance. Only through comprehensive cybersecurity strategies and ongoing assessments and education can businesses hope to safeguard their operations against the ever-evolving landscape of cyber threats.
