Is Your Dealership Prepared to Handle Ransomware?

Dealerships are relying on their cyberinfrastructure now more than ever as one of the most pervasive and devastating cyberattack formats – ransomware – continues to gain popularity among attackers.


Ransomware is defined as vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Ransomware attacks cause downtime, data loss, possible intellectual property theft, and can be considered a data breaches within some regulated industries.


Ransomware attacks on critical infrastructure and organizations continue to dominate the news cycle. According to CDK Global, 85% of dealership IT employees reported that their dealership had suffered a cyberattack in the last two years.


Ransomware attacks also can be carried out through social engineering, a technique in which attackers manipulate an individual into divulging confidential information to perform a risky action, such as clicking on a link in an email.


A large Korean auto manufacturer was the victim of a ransomware attack in February 2021 that caused a nationwide IT outage affecting internal, dealer, and customer-facing systems. A group by the name of the “DoppelPaymer ransomware gang” left a note stating that a “huge amount” of data was stolen and would be released in two to three weeks if the organization did not pay the ransom. In this case, the attacker posted portions of the stolen data on a leak site to cement their threat and pressure the organization to comply.


Auto dealers are an ideal target for attackers, as many hold large amounts of confidential customer information. Dealerships would be legally liable for these breaches.


Recommended actions against ransomware include:


  • frequent antivirus updates across networks,
  • awareness training for employees to recognize suspicious emails and websites, and
  • performing comprehensive security assessments periodically to detect any weaknesses or areas for improvement.


Phishing campaigns that simulate potential malicious emails can help educate users on recognizing phishing emails while also providing an organization with data on where they can improve.


In addition, developing a comprehensive incident response plan that considers cyber-related scenarios, such as a ransomware attack, and keeping backups to networks that are air-gapped from the main network are additional steps dealerships can take to mitigate the risks presented by ransomware.


Written by Jorge Santiago-Escobar. Copyright © 2021 BDO USA, LLP. All rights reserved.