Data technology company CDK Global Inc., a major supplier of software to car dealerships in North America, has been hit by a cyberattack that has resulted in the company being forced to take its systems offline and clients being unable to process regular business transactions.

The attack occurred today as systems going offline at around 2 a.m. EDT. The company has yet to make an official statement on the attack, though a spokesperson provided some comments to media outlets.

A spokesperson told Bloomberg via email that the company “shut all systems down, executed extensive testing and consulted with external third-party experts.” The same report notes that the company’s core dealer management system and digital retailing solutions have since been restored and that CDK is also testing other applications before bringing them back online.

Founded in 2014, CDK provides data and technology solutions to the automotive, heavy truck, recreation and heavy equipment industries. The company’s software is deployed in over 15,000 dealer locations across North America and it employs more than 6,500 people.

BleepingComputer spoke today with Brad Holton, chief executive of Proton Dealership IT, a cybersecurity and information technology service firm for car dealerships, who said that the attack caused CDK to take two data centers offline. Holton noted that CDK has advised users to disconnect from the data centers as well, as they are used to deploy updates.

The disruption caused by the outage appears to be widespread. CNN reported that the software outage had caused issues at car yards throughout the U.S. and Canada during what is known as car buying season. The outage reportedly has prompted car dealers to resort to manually writing up orders and delaying other purchases that were already in the system.

Though the details of the outage are scant, thanks to CDK’s seeming reluctance to share details, the ransomware duck test comes into play: If it sounds like ransomware, it probably is. That CDK’s first response to the “cyberattack” was to take data centers offline would indicate that it was an attempt to stop the attack from spreading laterally across its network, which is typically seen in a ransomware attack.

Image: CDK Global