By Mike Davey
Hamilton, Ontario — March 14, 2016 — A recent “ransomware” attack on an automotive recycler has increased concerns about cybersecurity in the automotive aftermarket. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Usually the demand is accompanied by threats to delete all of the data if the criminal’s terms aren’t met.
Initially, reports indicated that the alleged perpetrator had claimed to be working for Car-Part.com to try to convince the recycler to provide access to their system. This was not an example of a computer intrusion, but an old-fashioned con done over the telephone. This is sometimes called “social hacking.”
However, a later statement from Car-Part.com indicates that the social hacking incident simply did not occur.
“There appears to be confusion in the auto recycling community resulting from the many social hacking and virus notices that were recently sent, and Car-Part.com would like to take this opportunity to clarify the situation. We now know that no Car-Part.com software, services, or employees were involved in the reported incident in any fashion,” according to the official statement from Car-Part.com.
The statement from Car-Part confirms that the reported social hacking did not occur. The recycler also confirmed that their system had been infected with a ransomware virus by opening an email. The email did not claim to be from Car-Part.com. Further, the incident described above did not happen on a Car-Part.com management system, but Car-Part.com would like to remind the public that these attacks can happen to anyone, regardless of the management systems or data collectors they use. It is always important to exercise best practices to protect against both social hacking and viruses.
“In our nearly 20 years of serving the auto recycling industry, Car-Part.com has not been responsible for either the introduction of a virus into a recycler’s system, or a data breach involving recycler data,” said Car-Part.com in the official statement. “Collecting recycler data in a secure manner and using the data only as authorized by recyclers has been our primary focus from the beginning. We appreciate the trust you have placed in us over the years and for helping build the Car-Part.com marketplaces, which serve over $5 billion in part searches per month.”
Ransomware attacks can be difficult to navigate. Even if the ransom is paid, there is no guarantee that the hackers will release your data. Security experts recommend keeping a separate copy of your data, backed up regularly, on a completely separate computer.