The problem? Ransomware, invited in through a malicious email. And Arrigo Automotive Group, based in West Palm Beach, is not alone: Dealership advisers say hackers who lock down an organization's computer system in exchange for a ransom demand are getting more sophisticated, and they're increasingly targeting dealerships.
Arrigo called his experience a cautionary tale and urged dealerships to take the threat seriously.
"We've always heard all these horror stories" about cyberattacks, Arrigo, the group's president and owner, told Automotive News. "You never would have thought it would have happened to you. How in the world do they select you?"
It's an escalating problem.
Crowe LLP, an accounting and consulting company that works with dealerships, has at least six dealer clients that have experienced ransomware attacks in the past 10 months, Anthony Allison, a Crowe partner, said last week. That number is up significantly compared with the previous year or two.
Helion Technologies, a dealership IT consulting company, is contacted about a successful dealership ransomware invasion about once a month, said Erik Nachbahr, its president. Ransomware has gained attention as more people openly discuss it, he said.
In the past six months, Proton Technologies, a dealership IT consulting group, has worked with the FBI on three ransomware cases, CEO Brad Holton said. Proton is working with Arrigo's group to rebuild its system.
At least four city governments reportedly were hit this month alone, including New Orleans.
Businesses also are targets, and IT consultants say dealerships are vulnerable in part because they often run outdated software and don't invest in robust enough safeguards.