Pendragon owned Statstone dealershipPendragon owned Statstone dealership


Pendragon being held to $60m ransom by dark web hackers

  • Dealer group is currently undergoing a major cyberattack
  • Ongoing security breach began a month ago, it was revealed today
  • Pendragon has informed National Cyber Security Centre and police
  • Firm is refusing to hand over cash to the dark web hackers, it’s believed

Time 12:55 pm, October 21, 2022

Dealer group Pendragon is currently the subject of a cyberattack and is being held to a $60m (£54m) ransom by hackers.

The listed firm, which owns around 160 showrooms across the UK and uses the Evans Halshaw and Stratstone names, has had its IT servers hacked, with dark web hackers having stolen five per cent of its data.

The gang is connected to a group known as LockBit 3.0, said The Times.

The hackers want Pendragon to pay the $60m (£54m) into a bitcoin wallet.

If not, the hackers will release sensitive data on the dark web today (Oct 21), it’s believed.

Pendragon said it had not taken part in discussions about payment, adding that it has taken steps to protect the remainder of its system.

The company’s chief marketing officer, Kim Costello, told the newspaper: ‘We refuse to be held hostage by this group and we will not be paying a ransom demand.’

Pendragon also issued a press release which said: ‘We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident.

‘This has not affected our ability to operate, and we continue to service our customers and communities as normal.

‘Upon discovery, we took immediate steps to contain the incident.

‘Our security specialists launched an extensive investigation to assess fully what has happened and we’ll be keeping our customers and partners updated.

‘To add, the Pinewood Dealer Management System was and remains completely unaffected.’

It went on to say: ‘We have reported this with the National Cyber Security Centre, the Information Commissioner’s Office, the FCA and the police.’

Pendragon has also alerted its manufacturer partners and told its 4,000 staff.

Costello also said: ‘Earlier this month we became aware that our IT systems had been compromised.

‘Upon discovery, we took immediate steps to contain the incident but can confirm some data was stolen.

‘We have been contacted by LockBit, a criminal organisation who demanded that we pay tens of millions of dollars before a deadline or they would release the data on to the dark web.’

LockBit is a prolific criminal hacking group, and is thought to have recently targeted insurance firm Kingfisher, and NHS supplier Advance Health and Care.

In August, it was reported to have been behind some 40 per cent of ransomware demands.

Later on Friday (Oct 21), Pendragon said it had obtained an interim injunction against the hackers.

Hackers target dealer group Holdcroft in major cyber attack that may have compromised employees’ data

James Batchelor's avatar

James – or Batch as he’s known – started at Car Dealer in 2010, first as the work experience boy, eventually becoming editor in 2013. He worked for Auto Express as editor-at-large and was the face of Carbuyer’s YouTube reviews. In 2020, he went freelance and now writes for a number of national titles and contributes regularly to Car Dealer. In October 2021 he became Car Dealer's associate editor.

More stories...

Heycar Advert
Server 108