Toronto, Ontario — In recent days, the automotive recycling industry faced a significant challenge: a ransomware attack that disrupted operations across multiple systems and vendors.
While the exact cause is still being determined, early indications suggest the attack may have been perpetrated through a vendor’s support software installed on some yards’ servers. The investigation is ongoing, and more details will be shared as they are confirmed.
What is clear is how quickly and collaboratively the industry responded. Tech teams from Car-Part, Hollander, and others worked around the clock to restore systems, secure networks, and assist yards with recovery. Thanks to these efforts, most affected recyclers are now operational again.
How It Unfolded
The attack appears to have leveraged the remote access capabilities of support utilities installed on recycler servers. Once inside, attackers attempted to compromise connected systems. Some facilities reported hundreds of failed login attempts from unique IP addresses worldwide, targeting common usernames and weak passwords.
In some cases, it is suspected that static IP addresses from a compromised service may have been used to scan and target networks. While many yards had protections like multi-factor authentication, dedicated firewalls, and network segmentation, others were forced offline until systems could be isolated, cleaned, and restored from backup.
A Board Member’s Perspective: Marc Plazek
Marc Plazek, OARA Board Member and owner of Plazek Auto, was among those affected
“This was a wake-up call for everyone. Even with good protections, vulnerabilities can exist in the tools we use every day. The key is to have a plan, act quickly, and work together to recover.”
Marc noted that frustration in moments like this is understandable—but remaining calm, methodical, and collaborative leads to better outcomes.
Lessons for All Recyclers
This incident reinforces the need for some critical best practices:
- Maintain offline, segmented backups and test them regularly
- Enforce multi-factor authentication for all remote access
- Invest in firewall appliances or managed detection and response services
- Keep systems patched and close known vulnerabilities
- Limit internal network access so a compromise can’t spread unchecked
- Audit all installed remote support tools and ensure they are secure, updated and monitored
Looking Ahead
The investigation into the attack’s origin and impact continues. The OARA will provide updates as they are confirmed. In the meantime, we encourage all recyclers to review their cybersecurity measures, audit their remote access tools, and ensure they are prepared for future threats.
If you experienced issues during this attack or have insights to share, please contact the OARA’s office so your input can help inform best practices for the future.
