Skip to content

Search the site

UK's largest Ford dealer confirms Conti ransomware attack

Dealer group without access to internal systems since March.

Updated at 16:30 BST to include TrustFord statement.

TrustFord, the UK’s largest Ford vehicle dealer group, has been hit by the Conti criminal ransomware gang, the firm acknowledged today.

As a result of the TrustFord cyber-attack branches were believed to be without access to the internet and the firm's internal systems. In a statement the company confirmed it had suffered a "cyber incident" but said it remained trading.

“TrustFord can confirm that some of its internal IT systems have been affected by a cyber incident. There is no impact to Ford Motor Company systems. TrustFord’s 65 sites in the UK and Channel Islands remain open and trading,” a TrustFord spokesperson told The Stack.

“Protecting customer data is our top priority and TrustFord has engaged third-party experts to investigate and contain this incident. TrustFord has also informed the appropriate regulatory authorities. Our relationships with customers are our foremost priority and we will make any notifications in line with our regulatory obligations.”

News of the TrustFord cyber-attack emerged as UK discount book retailer The Works revealed it had also been the victim of a cyberattack. Some of the retailer’s 520 stores have had to close, and stock deliveries were temporarily suspended, the firm said in a statement.

See also: We got hit by ransomware. This is how it played out

A statement on TrustFord’s website says: “While we are currently investigating an incident that has caused some ongoing internal system outages, we are open for business and able to answer your enquiries as usual using the website enquiry forms or by phone.”

The TrustFord cyber-attack may date from late last month, judging by a tweet to the company on 28 March, which asked if it had "no internet due to a Russian cyber attack". TrustFord did not respond to the tweet.

TrustFord is owned by Ford Motor Company, but operated as a stand-alone business, and does not share IT infrastructure with its parent company. It operates 65 dealerships across England and Northern Ireland.

In 2020 the group saw £1.4 billion in turnover, while in the first half of 2021 the group recorded turnover of £1 billion, and was targeting £2 billion in sales for the full year.

See also: The top three ransomware infection vectors remain troublingly consistent

The Conti ransomware group has been one of the most prolific and dangerous of the many criminal ransomware gangs currently operating, with only the flashy tactics of Lapsus$ overshadowing them in recent weeks. The TrustFord cyber-attack is the latest known attack on a UK company, following the breach of KP Snacks in February 2022.

But the Conti group has suffered its own breaches; following the group’s statement of support for Russia near the start of the country’s invasion of Ukraine, unhappy Ukrainian members of Conti promptly leaked vast amounts of internal data, including chat logs and Conti’s ransomware software, along with its decryptor.

The steady stream of new victims listed on Conti’s website shows the criminal group remains in operation. Typically Conti operates a dual-extortion model, trying to charge victims to unlock their data, and again to prevent public release of sensitive files.

Follow The Stack on LinkedIn

Latest