Automotive data firm Autovista blames ransomware for service disruption

What happened

Autovista has confirmed it called in outside specialists to clean up a ransomware infection affecting systems in Europe and Australia, and said it is working to contain the attack. The London-headquartered data and analytics provider says core applications — including tools for monitoring residual vehicle values and data-driven total cost of ownership (TCO) calculators — are disrupted, and it does not yet have a firm timeline for restoring services. “Our top priority is to securely restore impacted applications,” the company said, adding that investigations are ongoing.

Customer impact and guidance

Email access for some staff has been pulled and customers have been told to check Autovista’s website for updates; the firm provided a group email address for urgent contact. It has been reported that some customer organisations told employees to block inbound mail from Autovista Group companies, to sanitise files that contain links, and to delete associated executables — a sign of real fear on the front lines. Who feels that pinch? Manufacturers, dealers, insurers, telematics firms and repair shops that lean on valuation and specification feeds. Not ideal when pricing and stock decisions rely on those feeds.

Investigation and context

Third‑party experts are on the case to establish the root cause; Autovista says it’s too early to say how the criminals got in. No established ransomware group has yet claimed responsibility. JD Power acquired Autovista Group in 2024 — brands such as Eurotax, Glass’s, Rødboka and Schwacke all link to the same security advisory — underscoring the wider potential ripple effects across markets that depend on shared automotive data. Data is gold these days, and attackers are treating it like a treasure map.

Sources: The Register