Automotive data provider Autovista confirms ransomware attack affecting European and Australian systems, with customers advised to block emails from the company while recovery efforts continue.
Automotive data and analytics company Autovista has confirmed it is dealing with a ransomware attack that has disrupted its services across Europe and Australia, forcing some customers to block inbound emails from the provider while recovery efforts continue.
In a public statement issued on Wednesday, the London-headquartered company acknowledged the incident and said it had brought in external cybersecurity experts to help contain the attack and restore affected systems.
Impact on Services
Autovista's suite of applications, which are built around its automotive data offerings, are experiencing disruptions. These services include tools that help automotive companies monitor residual values of their assets and trends affecting them, as well as data-driven total cost of ownership (TCO) tools.
The company's customer base spans manufacturers and dealers, body shops, insurers, telematics companies, and professional services outfits. All of these rely on Autovista's data and analytics platforms for critical business operations.
Current Status
"We know that getting this resolved quickly is important to you," Autovista stated in its update to customers. "Our top priority is to securely restore impacted applications, although we do not have a firm timeline on this yet."
The company has committed to keeping customers informed as its investigation uncovers additional relevant information, promising updates on restoration timing when available.
Due to the nature of the attack, Autovista has advised customers to monitor its website for further updates, as their usual contacts might be unreachable. Email access has been restricted for some staff members as part of the containment efforts.
For urgent communications, Autovista provided an alternative email address belonging to the wider Autovista Group.
Security Measures
Autovista's website remains online during the incident, though the company has not yet determined how the attackers breached its systems. Third-party cybersecurity experts are working to understand the root cause of the compromise.
The company was acquired by JD Power in 2024 and operates several brands including Eurotax, Glass's, Rødboka, and Schwacke. These brands provide similar vehicle valuation, specification, and repair-data services in different markets, and all have links to the same security advisory hosted on Autovista's website.
Customer Response
Anonymous sources have told The Register that some organizations have advised their staff to take precautionary measures, including blocking emails from all Autovista Group companies, sanitizing any files to remove links, and deleting any executables associated with them.
No established ransomware group has yet claimed responsibility for the attack on Autovista, which is unusual given that ransomware gangs typically publicize their successful breaches to pressure victims into paying ransoms.
This incident highlights the growing threat of ransomware attacks on data-driven businesses and the cascading effects such incidents can have on customers and partners. The automotive industry, with its complex supply chains and data dependencies, remains a prime target for cybercriminals seeking to disrupt operations and extract payments.
The Register has reached out to Autovista for additional comment on the scope of the attack and its recovery timeline.
Comments
Please log in or register to join the discussion