Auto Dealers: The Latest Targets of Ransomware

Emily Connolly, IT Security Analyst, OCD Tech

12 July 2021

Organizations are relying on their cyber infrastructure now more than ever as one of the most pervasive and devastating cyberattack vectors as ransomware continues to gain popularity among attackers. AIG, one of the world’s largest insurers, reported a 150% increase in ransom and extortion claims between 2018 and 2020. Ransomware attacks on critical infrastructure and organizations continue to dominate the news cycle, with targets including gas pipelines, meat suppliers, insurance firms, hospitals, schools, the NBA, transportation, and yes, even auto dealers. According to CDK Global, 85% of dealership IT employees reported that their dealership had suffered a cyberattack in the last two years¹ , and according to a report by Automotive News, 153 viruses and 84 malicious spam emails are intercepted daily by auto dealer IT networks².

Ransomware is a type of malware that infects a computer system and propagates through the network and encrypts the victim’s files, making them inaccessible and unusable until a ransom is paid to the attacker. Ransomware is often spread through malicious websites or emails and can lead to data loss, leaks, and network outages. Ransomware attacks can also be carried out through social engineering—a technique in which attackers manipulate an individual into divulging confidential information or performing a risky action, such as clicking on a link in an email.

In February 2021, Kia Motors America was hit with a ransomware attack that caused a nationwide IT outage affecting internal, dealer and customer-facing systems³. The attackers, the DoppelPaymer ransomware gang, left a ransom note stating that a “huge amount” of data was stolen and would be released in 2-3 weeks if Kia Motors America did not pay the ransom. While some ransomware attacks only encrypt an organization’s data, DoppelPaymer often takes their attacks a step further by posting portions of the stolen data on their data leak site, further pressuring victims to pay the ransom.

Other auto dealerships have recently suffered similar attacks, such as the Arrigo Automotive Group, which was hit with a ransomware attack in December 2019 that halted business for several days⁴. Auto dealers are a prime target for attackers, as many of them hold a large amount of confidential customer data.

In an interview with Wards Auto, Special Agent Edward Parmelee of the FBI’s Cyber Division discussed steps dealerships can take to prevent ransomware attacks and secure their company⁵. His primary recommendation to stop ransomware at the door is having an up-to-date antivirus installed on the network, training employees to recognize suspicious websites and emails through phishing training, and having good security practices in day-to-day operations. Employee education, in his opinion, is the first line of defense against ransomware.

When it comes to phishing emails, it is recommended that employees think before clicking, especially on attachments or links. Users should ask themselves if they were expecting an attachment from the sender and should hover over links to see exactly where the link is directing them to before clicking. Employees should be sure that the sender is someone they recognize, and that the sender’s address is their correct email address, and not an email address made to look like a trusted sender by the attacker. Subtle differences in language or usual business operations are a telltale sign of a phishing email. When in doubt, users should alert their IT department to suspicious emails and refrain from clicking on links or opening attachments.

Simulated phishing campaigns can be helpful in educating users on recognizing phishing emails, while also providing an organization with data on where they can improve.

Parmelee also recommended that dealerships have a comprehensive cyber response plan and keep backups to their networks that are air-gapped from the main network, meaning the backups are not
connected and cannot be compromised by malware. He encouraged dealerships to conduct regular penetration tests on their network, which would discover vulnerabilities and help patch them before a bad actor finds them.

While the thought of a ransomware attack on your business can be frightening, the best defense against ransomware and other cyberattacks is vigilance and preparation. Taking small, basic security steps today can prevent headaches and trouble down the road and can lead to a more secure organization. OCD Tech specializes in security awareness and phishing training to ensure your organization is capable of negating, handling, and preparing for threats like these.