article featured image


LockBit ransomware allegedly breached Pendragon Group, a U.K.-based auto dealer group with over 200 locations, and demanded $60 million in exchange for decrypting files and promising not to release them.

Pendragon PLC is one of the most successful automotive retailers in the world, owning automotive trade brands such as Evans Halshaw, Stratstone, CarStore, Pinewood, Quickco, and Pendragon Vehicle Management. These franchises sell cars for a variety of brand names and for budgets that range from luxury such as Aston Martin, Ferrari, Jaguar, Mercedes-Benz, MINI, and Porsche to more affordable ones like Citroen, Dacia, DAF, DS, Ford, Hyundai, Kia, Nissan, Peugeot or Renault.


Pendragon confirmed the security incident in an official statement but refrained from giving any details other than it would not affect their operations.

We have identified suspicious activity on part of our IT systems and have confirmed we experienced an IT security incident. This has not affected our ability to operate, and we continue to service our customers and communities as normal.


LockBit Ransomware Group, Behind the Attack

Even so, as Bleeping Computer explained, on the 21st of October, in an interview for The Times, the company’s Chief Marketing Officer, Kim Costello, mentioned that the attack was performed by the LockBit ransomware group a month ago.

Costello says the corporation contacted the hackers and received stolen files as proof of the incident, but did not negotiate. He also added that hackers demanded “tens of millions of dollars before a deadline” or risked releasing the stolen information. According to the British newspaper, the LockBit demanded a $60 million ransom.

As stated by the company’s spokesperson, Pendragon is not going to back down from its decision to not pay the attackers. The company also reported the attack to U.K. law enforcement and the data protection authority. The representative also added that Pendragon’s IT team responded promptly to the incident and that the hackers stole only 5% of the database.

Bleeping Computer also points out that LockBit’s attack on Pendragon coincides with a £400 million takeover offer from Swedish motor company Hedin Group.

If you want to learn more about how to prevent a ransomware attack, you can read the piece that my colleague Dora wrote about this subject – available here.

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *