GEOFF BENNETT: Thousands of car dealers across North America have been forced to revert to pen and paper after a software company they rely on was hit by several cyberattacks last week.

The outage has not only caused delays and inconveniences for customers, but has also raised major questions about whether sensitive data was compromised.

William Brangham joins us now.

William, tell us more about this company.

WILLIAM BRANGHAM: Geoff, the company that was hit was called CDK Global, and they provide internal software systems for about 15,000 different car dealerships in America and Canada for all their internal computer systems.

We spoke with one dealer in the greater Philadelphia area.

DREW PEARLMAN, General Manager, O'Neil Nissan: We're writing everything by pen and paper and by hand, but we can't go into our back end systems and see what the actual warranty costs are on things or what things are actually going to cost.

And we -- it just -- it's a manual process now that takes a lot longer, especially in service.

And then, when we talk about the sales part of it, that gets even crazier, because that has a lot of compliance components, such as credit, your red flags, your OFACs, and all of those things which integrate into CDK.

WILLIAM BRANGHAM: Since very little has been publicly said about who hacked this system, whether the attackers are demanding a ransom and when the system might return to normal, we thought it's a good idea to check in with someone who could help us understand what is going on.

Chris Krebs used to run the federal government's lead cybersecurity agency, and he is now chief intelligence and public policy officer at SentinelOne.

Chris Krebs, welcome back to the "News Hour."

Can you give us your best understanding of what's actually going on here?

CHRISTOPHER KREBS, Former Director, U.S. Cybersecurity and Infrastructure Security Agency: William, thanks for having me on.

So this is, unfortunately, part of a larger surge in ransomware attacks on U.S. businesses that we have seen recently.

You might remember, a couple months ago, we had UnitedHealthcare and Change Healthcare hit by a ransomware event.

This is just another string in this Eastern European and Russian criminal gangs that are hitting U.S. businesses.

My understanding is that CDK was hit last week.

They tried to restore operations.

They were subsequently hit by a second attack.

That is not unusual.

In fact, we see that quite often as organizations try to rush back and hurry back to getting operations back up and running.

So now they are in the process of containing, which means trying to get the ransomware operators out of their network, and get safe, secure operations back up to support their customers.

WILLIAM BRANGHAM: So this is not an attack on what we would call critical infrastructure.

I mean, car dealerships -- if car sales are slow, it's bad for the economy, but they will eventually pick back up again.

So this, as you're indicating, suggests that these are criminals who have done this because they're trying to squeeze money out of the company.

Is that right?

CHRISTOPHER KREBS: Absolutely.

And the unfortunate part of all of this is that the amounts that are being demanded by these cyber-criminals is only increasing.

We're seeing millions, if not tens of million dollars of demands.

Now, we don't have official numbers on what this group may have demanded from CDK just yet, but it has been $20 million to $30 million in the average lately.

And, yes, you know what?

This might not be critical infrastructure, but it sure does affect us.

It affects someone that's trying to go out there and get a new vehicle, if their old vehicle broke down.

So it's unfortunately part of a kind of a bigger mental attack on the United States and our people.

WILLIAM BRANGHAM: I know that there's a lot of debate over whether or not paying these ransoms is a good idea.

Where do you come down on that argument?

CHRISTOPHER KREBS: I think the unfortunate reality is that paying only benefits the attacker.

It rewards them and that's why the United States is getting disproportionately affected by ransomware.

Yes, you have cybersecurity incidents in Europe and the United Kingdom and elsewhere, but because we pay at a higher clip here in the U.S., the bad guys are coming here and they're hitting our businesses pretty hard.

I would suggest, though, that we think about this at a higher level, where this is not just some random cyber criminals.

There is a geopolitical element to ransomware as well, where it fits into Russia and the Kremlin's bigger strategy to attack the West, to attack the United States, so that we're talking about this tonight on TV, so that we're experiencing this, we're being inconvenienced, we're scared of more and more cyberattacks.

So, ultimately, this does, I believe, play into Putin's overall strategy.

WILLIAM BRANGHAM: Given the amount of these ransomware attacks, as you have been describing, what is going on here?

Is it just that this is a very hard thing to defend against, or are our companies not taking this that seriously?

Like, what is the weak link here?

CHRISTOPHER KREBS: Well, it's a combination of factors.

I talk about the three-legged stool of ransomware.

First is that businesses continue to manage their enterprise, their networks in a way that's unfortunately not entirely secure, that gives the bad guys an opportunity to come in.

And, sometimes, it's not their own fault.

It's the products or services that companies are using that are vulnerable and, therefore, subject to exploitation.

The second really is the monetization of these vulnerable and misconfigured networks.

The bad guys have figured out that they can use cryptocurrency to hold at ransom American and other companies.

They can pull value out and take it to places where -- the third leg of the stool, where they can't be held accountable, and that's, many times, Eastern Europe and Russia.

So what are we going to do about this?

We need more aggressive responses by law enforcement and by the national security apparatus, which we have seen an uptick.

We have seen the U.S. government and the United Kingdom government go after a group known as LockBit and take them offline.

We need more and more of that.

WILLIAM BRANGHAM: All right, Chris Krebs of SentinelOne, always good to see you.

Thanks so much.

CHRISTOPHER KREBS: Thanks so much, William.