Ransomware attack hits car dealer

What should you do to prepare?

Published on

In December of 2019, a Florida car dealership was hit by a ransomware attack. This sophisticated style of data security attack breaks into a network and locks access to email, databases, and other essential files and programs. The hackers typically then demand a large payment in the form of an untraceable financial instrument. In this case the hackers demanded 65 Bitcoins, roughly equivalent to $600,000, to restore access to the dealership’s systems.

Ransomware attacks are not new. Many businesses and institutions have been hit by them across the country, including even hospitals and police departments. Car dealerships may be more vulnerable to them than many other retailers, as they rely on a wide range of data to conduct their business and typically have dozens of users accessing their systems.

Ransomware attacks usually access a system due to human error, such as through responding to a phishing email. These types of emails will pretend to be from a trusted source and request that the recipient download a file or provide account information. The hackers then can either use the account information to access the whole system or have harmful software hidden in the file that allows the hacker to gain access. As with most hacking events, the best way to avoid a ransomware attack is to train staff not to fall for phishing emails. This means that staff should never download a file from an email without confirming the identity of the sender and the nature of the file. They also should never provide account information in response to an email without first confirming the identity of the requestor.

If your dealership does experience a ransomware attack, all options are expensive. The ransoms themselves tend to be six-figures, and there is no guarantee the attacker will release the system even after payment. Further, experts note that some ransomware attacks have been linked to organizations with ties to terrorism, meaning that payment of the ransomware could end up funding terrorism and therefore be criminal. Victims of ransomware are rarely prosecuted, but many businesses will choose to avoid this potential even without the added risk of prosecution.

The other option available is to rebuild the computer system. IT specialists rarely are able to fight against the ransomware attack and fully restore the system, meaning that replacing the system itself is the only practical option. The good news for dealerships is that most of their most crucial data systems are run on cloud-based systems and are therefore backed up. Manufacturers and vendors can also help restore customer data. The costs are still steep, though. The Florida dealership chose not to pay the ransom, and found that just purchasing new computer alone cost over a quarter of a million dollars.

The best steps to take are preventative. Every dealership should take cybersecurity seriously and train its staff to avoid all suspicious files and information requests. Dealerships that want to take it a step further should also consider cyber security insurance. Coverage varies widely, so before purchasing a product discuss your needs with an automotive attorney with a strong background in data security. Scali Rasmussen is here to help you evaluate your options.