Ransomware at Dealerships

Dealerships are relying on their cyber infrastructure now more than ever, even as ransomware, one of the most pervasive and devastating cyberattack vectors, continues to gain popularity among attackers.

Ransomware is defined as vicious malware that locks users out of their devices or blocks access to files until a sum of money, or ransom, is paid. Ransomware attacks cause downtime, data loss, and possible intellectual property theft, and can be considered a data breach within some regulated industries.

Ransomware attacks on critical infrastructure and organizations continue to dominate the news cycle. According to CDK Global, 85% of dealership IT employees reported that their dealership had suffered a cyberattack in the last two years.

Ransomware attacks can also be carried out through social engineering—a technique in which attackers manipulate an individual into divulging confidential information or performing a risky action, such as clicking on a link in an email.

During February 2021, a large Korean auto manufacturer was the victim of a ransomware attack that caused a nationwide IT outage affecting internal, dealer and customer-facing systems. A group by the name of the “DoppelPaymer ransomware gang” left a note stating that a “huge amount” of data was stolen and would be released in 2-3 weeks if the organization did not pay the ransom. In this case, the attacker posted portions of the stolen data on a leak site to cement their threat and pressure the organization to comply.

Auto dealers are an ideal target for attackers, as many of them hold large amounts of confidential customer information. Dealerships would be legally liable for these breaches.

Recommended actions against ransomware include frequent antivirus updates across networks, awareness training so that employees can recognize suspicious emails and websites, and periodic comprehensive security assessments to detect any weaknesses or areas for improvement.

Phishing campaigns that simulate potentially malicious emails can be helpful in educating users to recognize phishing emails, while also providing an organization with data on where it can improve.

In addition, developing a comprehensive incident response plan that considers cyber-related scenarios, such as a ransomware attack, and keeping backups on networks that are air-gapped from the main network are further steps dealerships can take to mitigate the risks presented by ransomware.

BDO assists organizations in implementing the above-referenced recommendations, as well as providing clients with additional thought leadership and access to subject matter resources.