LockBit

Chris Swagler | October 25th, 2022

 

Pendragon Group, an automobile retailer with over 200 showrooms across the United Kingdom, had its IT servers breached by LockBit threat actors claiming to have stolen 5% of its data. Pendragon owns luxury car retailers, including CarStore, Evans Halshaw, and Stratstone, and sells car brands for all budgets, from Jaguar, Porsche, and Ferrari to Ford, Hyundai, and Nissan.

Refusing to Pay LockBit Ransom Demand

The threat actors responsible for the data breach are connected to the LockBit 3.0 ransomware group and are demanding Pendragon pay $60 million (£54 million) into a bitcoin wallet. If Pendragon refuses to pay the ransom, the threat actors state they will release sensitive data on the dark web. The company’s chief marketing officer explained that Pendragon is refusing to be held hostage and will not pay the ransom demand while taking measures to strengthen the protection of its IT systems and customer information.

The security incident hasn’t affected the company’s ability to operate and continue to service its customers and communities. Pendragon’s dealer management system, Pinewood Technologies, which is used by numerous global franchised dealers, was completely unaffected by the incident. The company immediately took measures to contain the incident upon its discovery. An extensive investigation was launched by the company’s security specialists to fully assess what happened and they are regularly keeping their customers and partners updated regarding the incident. Pendragon reported the incident to the National Cyber Security Centre, the Information Commissioner’s Office, the FCA, and the local police. Additionally, the company has alerted its manufacturing partners and informed its 4,000 staff.

It’s good to know that companies like Pendragon are going the extra mile to handle incidents the right way, especially in a regulatory climate. The company’s willingness to ensure everyone involved remains well-informed about the incident is an approach other companies should adopt moving forward.

LockBit is a high-profile ransomware group that uses double and triple extortion tactics in attacks that involve data theft and data encryption. Over a third of all ransomware attacks this year were launched by LockBit and its affiliates. Over 200 victims have been connected to the LockBit ransomware group, which posted the companies’ data on its leak site.

With ransomware groups continuously looking for new targets, including automotive dealers and manufacturers, it’s important for businesses and auto companies to always remain ahead of the threat landscape and take preventative measures to reduce the risk of future cyberattacks. Certain businesses within different industries are requiring an increase in security posture. GM recently enacted a campaign where their subsidiaries will need to meet minimum cybersecurity standards:

  • A 24/7/365 Security Operations Center
  • Enterprise Grade Security Tools
  • Fully Managed Unified Threat Management
  • Cyber Risk Assessments and Training
  • Rapid Incident Response and Disaster Recovery

These cybersecurity solutions are designed to be industry best practices and align with what other organizations should be utilizing as a framework. In the coming years, expect cybersecurity requirements enabled by government entities to increase as cyber threats remain potent.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.
