Ransomware attacks targeting the auto industry more than doubled in 2025 and now account for 44% of all cyber incidents across the sector, according to the Halcyon Research Institute.
The details: The surge reflects a strategic shift by cybercriminals, who increasingly view the automotive ecosystem as a high-value target, with several key vulnerabilities driving the rise in attacks, a new Halcyon report reveals.
According to the findings:
-
Connected vehicles, telematics, APIs, and cloud systems were exploited in 67% of incidents.
-
Smaller third-party suppliers (often with privileged access but weaker defenses) are the most common entry point.
-
Organized groups are using Ransomware-as-a-Service (RaaS) models and AI-enabled tools.
-
And production downtime quickly translates into major financial losses, increasing pressure to pay ransoms.
Why it matters: The growing scale and sophistication of ransomware attacks highlight the vulnerability of retail operations, where a single breach can disrupt sales, service, financing, and access to customer data.
Between the lines: Recent high-impact incidents across the auto ecosystem underscore the potential fallout at the dealership level.
-
For example, since 2024, a global automaker and its subsidiaries have been breached multiple times, with roughly 900GB of internal data—including dealership records—stolen.
-
A major ransomware attack on Jaguar Land Rover halted production for over three weeks, contributing to an estimated $2.5 billion impact and a 43% drop in wholesale volumes during the period.
-
And a 2024 attack on CDK Global shut down operations at roughly 15,000 dealerships for two weeks, with losses estimated at $1 billion, including a reported $25 million ransom payment.
OUTSMART THE CAR MARKET IN 5 MINUTES A WEEK
Get insights trusted by 55,000+ car dealers. Free, fast, and built for automotive leaders.
Taking action: The Halcyon report outlines several steps to mitigate ransomware risk.
-
Deploy anti-ransomware tools that detect attacks before encryption by identifying early behavioral signals.
-
Prioritize patching internet-facing systems such as VPNs, firewalls, file transfer platforms, RDP endpoints, and ERP systems.
-
Implement phishing-resistant multi-factor authentication, especially for remote access and privileged accounts, and audit third-party access.
-
Harden EDR tools against tampering and maintain immutable, offline backups with regularly tested restoration processes.
Bottom line: Cybersecurity is an operational risk that requires stronger investments and defenses from dealers to avoid costly disruptions and hits to customer trust.
A quick word from our partner
AI is everywhere right now—but not all AI is created equal.
Many dealerships are running bolt-on tools that answer questions but don’t convert or drive measurable revenue.
Podium delivers AI built to perform, consolidating sales, service, and voice into one platform that manages conversations end-to-end and books more appointments.
If you’re investing in AI, make sure it’s driving results.
