BlackSuit Ransomware Attack at CDK Global Causes Widespread Disruption

June 19, 2024

On June 19 CDK Global, a major car dealership software company suffered a cyberattack prompting the company to take all systems offline “out of an abundance of caution.” Reuters reported CDK took down its dealer management system at more than 15,000 retail locations.

The outage has impacted about half of Volkswagen dealers and around 60% of Audi’s dealers and several card retailers also flagged disruptions. Dealers moved back to traditional pen and paper format to conduct operations. As a result new car sales for June are projected to fall.

The hacker group was identified as BlackSuit. As of Wednesday, July 3, the company is still working to get all impacted dealers back online. The date all dealerships using CDK are expected to be back online following the attack is July 4.

read more

Ransomware Attack at Nissan North America

November 7, 2023

Franklin, Tennessee-based Nissan North America, Inc. (NNA) is just now notifying workers and customers of a ransomware attack against the company this past November which it discovered at the end of February.
The targeted attack on an external VPN shut down some systems and resulted in affecting 53,038 people. It occurred November 7, 2023 and the company discovered it Feb. 28, 2024.
The company said in a report released Wednesday (May 15), “on November 7, 2023, NNA learned it was the victim of a targeted attack against its external VPN when a criminal threat actor deliberately shut down certain NNA systems and demanded a ransom.
“Immediately upon discovering the criminal attack, NNA (working very closely with external cybersecurity professionals experienced in handling these types of complex security incidents) investigated, contained, and successfully terminated the threat.”

read more

Hyundai Motor Europe Suffered Black Basta Ransomware Attack

January 3, 2024

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. Hyundai confirmed to BleepingComputer that they suffered a cyberattack.
BleepingComputer reports learning Black Basta ransomware operation conducted the attack in early January, when they claimed to have stolen 3 TB of data from Hyundai Motor Europe.

read more

Hackers Attack Alzura, German Tire Trading Company

February 5, 2024

The online tire and parts retail giant Alzura has fallen victim to a hacker attack. According to the company, dealer accounts on Alzura Tyre24 as well as the white label solutions “Tyre Shopping” and “Alzura Shop” are among those affected by the latest hacker attack.

read more

Hackers Breach Systems at Steel giant ThyssenKrupp

February 23, 2024

Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division, forcing them to shut down IT systems as part of its response and containment effort. “The threat situation is under control, and we are working on a gradual return to normal operations,” a spokeswoman for the company said. While the shutdown halted production, she said, the company was still able to supply customers.

ThyssenKrupp has clarified that no other business units or segments have been impacted by the cyberattack, which was contained in the automotive division. They are working on gradually returning to normal operations.

read more

Wannacry Affects Operations at Several Renault Plants

May 12, 2017

Global cyberattack caused widespread disruption including stoppages at several of Renault-Nissan sites. Renault and its Japanese partner are the only major car manufacturers so far to have reported production problems resulting from Friday’s WannaCry ransomware worm attack that spread to more than 150 countries.

The cyber attack halted or reduced the output of at least five Renault sites over the weekend. Besides Douai, they included a van plant in Sandouville, France; a small-car plant in Slovenia; the no-frills Dacia plant in Pitesti, Romania; and a factory shared with Nissan in Chennai, India.

read more

Ransomware Attack at AW North Carolina Shuts down Operations for 4 Hours

August 16, 2016

The attack against AWNC started on Aug. 16, 2017, when the company’s information technology (IT) systems were infiltrated by a newer strain of ransomware. This malicious software encrypted the company’s critical data and demanded a ransom to restore access to the affected files. It ultimately shut down production lines for four hours at the 2,200-worker plant. The disruption affected not only AWNC, but also its customers as delays in the delivery of transmission components led to a ripple effect throughout the automotive supply chain.

read more

Operational Impact at Electronics Company Alps Alpine Group

September 10, 2023

ALPS’ North American production operations and delivery was impacted by a ransomware incident on their systems. ALP promptly shut off the network connection of servers and other devices infected and reported they “are still working to restore equipment and production functions. At present, with the exception of our production bases in Mexico, we have resumed production and delivery with alternative methods for system failures.”

North American employee data was reportedly leaked.

This follows on the heels of a separate attack on July 6, 2023, where an attack exfiltrated data on 16,000 employees.

read more