Ransomware attacks on auto industry rise, the security steps you need to take now - CBT News

TSLA390.8209.19% GM75.770-1.12% F11.880-0.2001% RIVN15.020-1.38% CYD40.000-1.21% HMC24.090-0.25% TM188.710-3.91% CVNA382.600-13.2% PAG169.840-1.68% LAD290.9000.78% AN210.000-2.38% GPI353.670-3.2% ABG203.010-0.68% SAH76.430-2.32% TSLA390.8209.19% GM75.770-1.12% F11.880-0.2001% RIVN15.020-1.38% CYD40.000-1.21% HMC24.090-0.25% TM188.710-3.91% CVNA382.600-13.2% PAG169.840-1.68% LAD290.9000.78% AN210.000-2.38% GPI353.670-3.2% ABG203.010-0.68% SAH76.430-2.32% TSLA390.8209.19% GM75.770-1.12% F11.880-0.2001% RIVN15.020-1.38% CYD40.000-1.21% HMC24.090-0.25% TM188.710-3.91% CVNA382.600-13.2% PAG169.840-1.68% LAD290.9000.78% AN210.000-2.38% GPI353.670-3.2% ABG203.010-0.68% SAH76.430-2.32% facebook instagram Linkedin TikTok Twitter Youtube Ransomware attacks on auto industry rise, the security steps you need to take now Ransomware attacks more than doubled in 2025, and the targets now include the vehicles themselves, says a new report from cybersecurity firm Halcyon. By Jason Becknell May 1, 2026 On the Dash: Ransomware attacks on the auto industry more than doubled in 2025, accounting for 44% of all cyber incidents. Suppliers are the weakest link, giving criminals a back door into OEM systems. Connected vehicles are now a direct target, with attackers seizing remote control of individual cars. Ransomware attacks targeting the automotive sector more than doubled in 2025, according to a new report by cybersecurity firm Halcyon. Ransomware is a type of cyberattack in which criminals infiltrate a company’s systems, encrypt its data, and demand payment to restore access. Those attacks made up almost half (44%) of all cyber incidents across the industry last year, the report found. The consequences have been severe. A ransomware attack halted all of Jaguar Land Rover’s global production for more than three weeks last October, causing an estimated $2.5 billion in economic damage. Sign up for CBT News’ daily newsletter and get the latest industry stories delivered straight to your inbox. A year earlier, BlackSuit, a Russia-linked criminal organization, took down operations at approximately 15,000 dealerships for two weeks after attacking the industry’s leading dealership management platform. The collective losses were estimated at $1 billion. Consumer data is also at risk. A compromised automotive IT provider in early 2025 exposed personal information on 2.7 million vehicle owners, including Social Security numbers. Why automakers and dealers are ransomware targets Cybersecurity analysts say criminals are targeting the auto industry for a simple reason: shutting it down is expensive. Automotive manufacturing runs on tight deadlines. When systems go down, the costs quickly add up. The math makes the auto industry one of the most attractive extortion targets for cybercriminals. The industry’s rapid embrace of connected technology made the problem worse. Vehicle platforms, over-the-air software updates, and cloud-based systems all created new targets for the attackers. In 2025, attackers used telematics systems, cloud platforms, or APIs as their primary entry point in 67% of the incidents surveyed, according to Halcyon. Suppliers are the weakest link Most automotive cyber incidents in 2024 hit third-party providers, not the OEMs themselves. Smaller suppliers often hold privileged access to OEM systems. They rarely have the cybersecurity budgets to match that access. Criminals know it. In early 2025, the criminal group Qilin stole more than 500GB of engineering blueprints and supplier agreements from a Japanese precision parts manufacturer. Separate incidents hit suppliers in Italy and Australia during the same period. Breaching a supplier can open a back door straight into an OEM’s systems. The security is weaker. The access is real. And the potential damage runs up the entire supply chain. Connected cars at risk for cyberattacks Ransomware attacks are no longer limited to corporate networks and back-office systems. Criminals are coming for the vehicles themselves. As vehicles come with more connectivity, they are becoming more vulnerable to attack. In June 2025, attackers seized remote control of individual vehicles in Russia. They locked owners out, controlled windows, doors, and engine starts, and demanded ransoms to restore access. The attackers got in through cloned SIMs, expired virtual numbers, and revoked dealer logins. They exploited weak app-registration practices tied to unofficial imports of a specific Chinese vehicle brand. What dealers and automakers need to do now Halcyon’s report urges the industry to invest in cybersecurity measures to combat cybercrime and offers some tips to help keep attackers out: Phishing-resistant, multi-factor authentication for all remote systems and secure accounts. Scrutinize third-party suppliers for potential security issues. Systems should be in place to help detect unusual activity in all networks. Keep offline backups and update and test them regularly. Companies should assume a breach is coming and build systems capable of identifying unusual activity quickly. Finding an attacker early limits the damage. Waiting until systems are encrypted does not. Tagsautomotive industry dealership news automotive news auto industry news automotive industry news More from Industry News Stellantis, Volkswagen report mixed Q1 results UAW monitor cites governance failures in delayed strike fund investments NHTSA’s controversial ‘Kill Switch’ mandate lives on despite missed deadline, repeal effort Carvana expands CDJR footprint as new-car ambitions take shape Previous article Next article Latest Articles Latest Articles 05/02/26 Weekly roundup: GM tops Q1 expectations, Fed holds rates steady, Lawmakers push to safeguard U.S. auto market Latest Articles 05/01/26 Ransomware attacks on auto industry rise, the security steps you need to take now Latest Articles 05/01/26 Stellantis & VW post mixed Q1 results, UAW monitor flags investment failures, Rivian boosts GA plant capacity Latest Articles 05/01/26 Stellantis, Volkswagen report mixed Q1 results Latest Articles 05/01/26 UAW monitor cites governance failures in delayed strike fund investments Latest Articles 05/01/26 Rivian increases Georgia plant capacity to 300,000 units, narrows Q1 losses Latest Articles 05/01/26 NHTSA’s controversial ‘Kill Switch’ mandate lives on despite missed deadline, repeal effort Latest Articles 05/01/26 2026 Toyota Camry Nightshade: Hybrid-only strategy delivers style, efficiency, and value Latest Articles 05/01/26 Carvana expands CDJR footprint as new-car ambitions take shape Latest Articles 05/01/26 Diesel was never the problem – Washington was the problem! Load More ×