Minnesota auto dealers are still grappling with a nearly week-old cyberattack that has left vendors across North America without the software they use for day-to-day operations, including vehicle sales.
Back-to-back cyberattacks hit Illinois-based CDK Global on Wednesday, and the company said this week it expects the restoration process to take "several days." CDK serves nearly 15,000 auto dealers in the U.S. and Canada, according to its website.
At Anderson & Koch Ford, Inc. in North Branch, Minn., General Manager Patrick Fossum said he walked in to work last Wednesday morning and learned the software system was down. Since then, he said, his dealership has been "kind of running blind on some stuff" as employees work in a separate electronic system and by hand, including writing paper checks and completing titles manually.
"Most of our systems are functioning to a degree. When we do have the system back up, we're going to have quite a bit of data entry to do," he said. "We don't exactly know where we are internally, but as far as everything customer-facing, everything's still running."
Fossum estimated at least half of Ford dealerships use CDK software. There have been service interruptions in the past, he said, "but never this level of time or to this degree."
The software company hasn't provided the dealership with updates beyond what has been available publicly, Fossum said.
In a statement Wednesday, CDK spokeswoman Lisa Finney said the company "promptly launched an investigation with leading third-party experts and notified law enforcement" after the June 19 incident.
"We have begun the restoration process and are continuing to actively engage with our customers and provide them with alternate ways to conduct business," she said.
Minneapolis resident Bryan Lee, 27, said he contacted dealerships in multiple states as he shopped for the best price on a Chevrolet Blazer but found the software outage made it difficult to get an accurate quote. After locating the car he wanted in Indiana, he flew to St. Louis and then drove to Evansville, Ind., before walking into the dealership shortly after 9 a.m. Monday. He didn't leave until nearly 1 p.m., he said, because employees had to complete calculations and paperwork by hand.
"I definitely felt like they were stressed, because they kept having to take the document from me as I'm finding errors with it, run it over to their finance person, run it over to their manager to double-check, and that process of taking it back and forth makes them frustrated," Lee said. "Especially because it's me having to deliver that news. ... It makes me look like a difficult customer, but I'm just trying to make sure the math is done correctly."
Bloomberg News reported the cybercrime group BlackSuit was behind the ransomware attack, a form of cyberattack in which a malicious actor encrypts files — rendering them unusable — and then demands payment in exchange for decryption. The group has demanded tens of millions of dollars in ransom, which CDK plans to pay, according to Bloomberg, though CDK has not publicly confirmed that.
This story contains material from the Associated Press and Star Tribune staff writer Burl Gilyard.