Pendragon car dealer refuses $60 million LockBit ransomware demand


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Pendragon Group, with more than 200 car dealerships in the U.K., was breached in a cyberattack from the LockBit ransomware gang, who allegedly demanded $60 million to decrypt files and not leak them.

Pendragon owns CarStore, Evans Halshaw, and Stratstone luxury car retailer, that sell brands cars for all budgets, from Jaguar, Porsche, Ferrari, Mercedes-Benz, BMW, Land Rover, or Aston Martin, to Renault, Ford, Hyundai, Nissan, Peugeot, Vauxhall, Citroen, DS, Dacia, and DAF.

Pendragon did not provide many details about the security incident and limited the information to saying that there is no impact on operations.

"We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident," Pendragon says in the security announcement.

However, in an interview for The Times publication on Friday, the company chief marketing officer, Kim Costello, pointed to LockBit rasnsomware gang as the culprit and said that the attack happened about a month ago.

According to Costello, the company has been in contact with the hackers and received stolen files as proof of the breach but did not engage in negotiations.

The hackers asked for "tens of millions of dollars before a deadline" under the threat of publishing stolen data, Costello added. According to the U.K. publication, the LockBit asked for a $60 million ransom.

The company spokesperson said that Pendragon stands firm on its decision to not pay the hackers.

After discovering the attack, Pendragon reported the incident to law enforcement in the U.K. as well as to the country's data protection office.

Pendragon's spokesperson also clarified that the company's IT team reacted immediately to the attack. Results from the investigation showed that the hackers stole only 5% of the database.

BleepingComputer contacted the company for more info about the stolen data and the impact it would have if the hackers leak it but received no response at publishing time.

LockBit's attack on Pendragon comes around the time the U.K. car dealer received a takeover offer of £400 million from the Sweden-based Hedin Mobility Group.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.