Back to Paper and Pen? A Growing Trend in Ransomware Disrupting Operations Across the Automotive Ecosystem


Director of Cyber Threat Intelligence

June 25, 2024

In a troubling turn of events, a key player in the automotive retail technology sector, has fallen victim to a ransomware attack. The attack, allegedly attributed to a well-known ransomware group, resulted in significant disruptions, impacting over 15,000 automotive dealership locations and their operations across North America. This incident not only underscores the vulnerabilities within critical supply chains but also draws alarming parallels to a previous ransomware attack on a company integral to global fleet management and asset tracking.

US dealership software provider suffers a massive ransomware attack

In mid June 2024, a US SaaS provider for car dealerships, renowned for providing integrated data and technology solutions to automotive retailers, experienced an outage caused by a ransomware attack. The breach has disrupted various services, leading to operational delays for dealerships relying on the company’s software for their day-to-day operations and forced a return to manual processes. As reported by Bloomberg News, the ransom demand was $10 million. However rumors on X (Twitter) reported the demand was raised to $50 million.

This attack also demonstrates the impact on OEM and the extended risk landscape. Dealership downtime is likely to result in postponed deliveries, limited visibility into warranty and repairs as well as required parts. Furthermore, as OEM backend systems are closely connected to dealership systems, primarily via APIs, this attack may also compromise OEMs directly.

While the company reported to be working diligently to restore services and mitigate the damage, this incident highlights the severe impact that cyber attacks can have across the automotive industry’s value chain.

US telematics IoT vendor was also recently hit by operational disruption due to a ransom attack

The June 2024 attack comes not long after a similar ransomware incident involving a US telematics IoT vendor. In September 2023, a company that offers driver logging and inventory management solutions for the commercial fleets, faced a debilitating ransomware attack. This breach caused substantial outages, affecting fleet management and asset tracking for numerous trucking companies. This attack disrupted logistics and supply chains, demonstrating the far-reaching consequences of such cyber threats.

Connecting the dots: the automotive ecosystem is a prime target for large-scale attacks

These two ransom attacks reveal a disturbing trend where cybercriminals target crucial nodes in the supply chain. These incidents highlight several key issues:

  1. Vulnerability of critical infrastructure: both victims provide essential services to their respective industries. The disruption caused by these attacks underscores the vulnerability of critical infrastructure and the cascading effects on dependent businesses.
  2. Increased sophistication of ransomware attacks: the use of sophisticated ransomware indicates that cybercriminals are becoming more adept at exploiting weaknesses in cybersecurity defenses, causing widespread operational disruptions.
  3. Need for robust cybersecurity resilience: these incidents stress the importance of robust cybersecurity measures and incident response plans. Companies must prioritize cybersecurity to protect their systems and ensure business continuity.

These recent ransomware attacks serve as stark reminders of the growing cybersecurity threats facing industries today. Upstream’s cyber threat intelligence team constantly monitors malicious actors and ransom groups, including the group that recently targeted the dealership software company. As cybercriminals continue to target key supply chain entities, it is imperative for companies to enhance their cybersecurity posture, invest in advanced security solutions, and foster a culture of vigilance. Only through comprehensive cybersecurity strategies and ongoing assessments and education can businesses hope to safeguard their operations against the ever-evolving landscape of cyber threats.

Newsletter Icon

H1'2024 Report: Redefining Automotive & Smart Mobility IoT Cyber Risks

Newsletter Icon

to our newsletter

Stay up-to-date on the latest trends, emerging risks, and updates

The 2024 Paris Olympics: Navigating the Escalated Cyber Threat Landscape

As the Paris Olympic Games approach, ensuring the safety and success of the event is paramount. Transportation systems and fleets are critical components in this…

Read more

European Legislators are Charging Ahead on IoT Cybersecurity Regulations

IoT devices have become deeply embedded in the automotive and smart mobility ecosystem, dramatically transforming industries with increased efficiencies and innovation. However, this rapid technological…

Read more

The US Federal Government Zooms in on IoT Cybersecurity

As IoT device usage continues to expand across various sectors in the US, government efforts to ensure that these devices are not only effective but…

Read more

The State of Automotive Cybersecurity: Key Insights from Auto-ISAC European Summit

We recently took part in the Auto-ISAC European Summit at the iconic BMW-Welt in Munich, gaining valuable insights into the evolving automotive cybersecurity landscape. As…

Read more