[Image: LockBit 3.0 statement]


Listed car dealer Pendragon has ‘contained’ cyber attack – but new deadline for data release issued by hackers

  • Hackers want Pendragon to pay $60m ransom or they’ll release 2TB of data
  • Car dealer group issues update saying its IT systems are no longer under attack
  • Cyber criminals LockBit 3.0 issue new deadline for threatened data release
  • Pendragon says it has not paid ransom and ‘no evidence of ongoing threat’

6:00 am, October 28, 2022

Listed car dealer group Pendragon says it believes it has ‘contained’ attempts by hackers to attack its systems.

In an update issued to Car Dealer Magazine this evening (Thursday, October 27), Pendragon said the hack by LockBit 3.0 had been ‘contained’ and its website is now ‘secure’.

However, the hackers have issued a new warning on a blog (pictured above) threatening to release 2TB of stolen data in two days' time unless a $60m ransom is paid.

Last week the dealer group revealed the hackers had penetrated its systems and stolen five per cent of its data.

Pendragon would not comment on the status of the stolen data to Car Dealer this evening, but said it believes its IT systems are now secure.

The firm said: ‘Following containment, our IT security experts have found no evidence of any ongoing threats in the network. 

‘We are constantly monitoring using an industry leading endpoint, detection and response system.’

The hackers demanded Pendragon pay $60m in ransom money into a bitcoin wallet following the breach.

The criminals said they would release the stolen data onto the dark web if their demand was not met.

That deadline expired on October 21 and, to the firm’s knowledge, the release did not take place.

However, a new deadline of October 29 at 15:38:41 UTC has been issued by the hackers.

LockBit 3.0 said in an online blog: ‘We will not announce the reason because of which we will publish the data of this victim [sic].

‘More than 2 million files of all categories with a total volume of 2TB will be presented to your attention.’

Pendragon owns around 160 showrooms across the UK and uses the Evans Halshaw and Stratstone names.

When news broke of the attack, the company’s chief marketing officer, Kim Costello, told The Times: ‘We refuse to be held hostage by this group and we will not be paying a ransom demand.’

A spokesperson for the firm said the company had ‘absolutely not’ paid the ransom. 

The spokesperson said the car dealer group is still working on further steps to protect its systems.

Pendragon initially said that suspicious activity had been detected in its IT systems and called it an ‘IT security incident’. 

The dealer group said at the time: ‘This has not affected our ability to operate, and we continue to service our customers and communities as normal.

‘Upon discovery, we took immediate steps to contain the incident.

‘Our security specialists launched an extensive investigation to assess fully what has happened and we’ll be keeping our customers and partners updated.

‘To add, the Pinewood Dealer Management System was and remains completely unaffected.’

LockBit is a prolific criminal hacking group, and is thought to have recently targeted insurance firm Kingfisher, and NHS supplier Advance Health and Care.

In August, it was reported to have been behind some 40 per cent of ransomware demands.


James Baggott

James is the founder and editor-in-chief of Car Dealer Magazine, and CEO of parent company Baize Group. James has been a motoring journalist for more than 20 years writing about cars and the car industry.
