A cyberattack crippled Range Rover production. The reboot is proving tough.
LONDON—Hundreds of high-end SUVs usually roll off Jaguar Land Rover’s production lines every day. This month, they have fallen silent.
A cyberattack discovered late last month prompted the Range Rover maker to power down its operations, a response that could cost the company tens of millions of dollars and threatens jobs across its supply chain.
The British company is now racing to restart its systems safely with the help of top cybersecurity experts flown in from around the globe. On Tuesday, it said the process “will take time” and extended the shutdown—previously expected to end Wednesday—to Sept. 24.
The company has also said some data was compromised, having initially said there was no evidence of stolen customer information.
JLR is working with the U.K.’s National Cyber Security Centre—part of Britain’s GCHQ signals-intelligence agency—to investigate the hack and with government ministers in London to minimize the ripple effects through its supply chain. The company declined to comment.
Hackers belonging to a trio of infamous cybercriminal groups—Lapsus$, ShinyHunters and Scattered Spider—appeared to claim responsibility on a joint Telegram channel that went by the name “scattered LAPSUS$ hunters 4.0” before it was taken offline Tuesday.
“Rip bozooo #JLR,” “Full SRC codes too,” and “We backdooring all yo CARS,” the authors wrote in rapid-fire messages on Sept. 3, after sharing a screenshot that appeared to come from a carmaker’s internal system. SRC is short for source, suggesting that the hackers are claiming to have JLR’s source code—a potentially serious breach.
Cyber experts say the groups, which consist largely of young men and teenagers, are capable, but the boasts they broadcast need to be treated with a high level of skepticism.
Two or three screenshots aren’t enough to assess the credibility of their claims, according to a researcher at Israeli cybersecurity company Kela.
The cyberattack comes at a difficult moment for JLR. This year, President Trump’s trade policy has increased the tariffs due on the vehicles the automaker ships from Europe to the U.S., its most important market. Profit almost halved year over year in its most recent quarter.
The profit impact of the hack could be the equivalent of almost $7 million a day, according to an estimate of lost sales by John Bailey, a professor at Birmingham Business School. JLR continues to pay its production workers even though they aren’t coming to work.
Some losses could be covered by insurance. A JLR spokesman said the company would discuss the financial impact in its next results.
Still, with net cash on its balance sheet and owned by Indian conglomerate Tata, JLR is in a relatively strong position. Before the increase in U.S. tariffs, the company was more profitable than it had been for years thanks to the popularity of its sport-utility vehicles, particularly in the U.S.
JLR assembles its top-end Range Rovers at the historic Land Rover factory in Solihull, England, just outside Birmingham. Other models come from an old Ford plant near Liverpool, while the company in 2018 also opened a factory in Slovakia that makes the new Land Rover Defender. All three plants are affected by the shutdown.
Concerns in Britain center on JLR’s network of small suppliers, which rely on steady production at the company’s U.K. factories for a big chunk of their business. JLR was Britain’s second-largest vehicle manufacturer by volume last year, and the companies that send parts to its factories “just in time” for final assembly—common practice in today’s auto industry—employ roughly 100,000 staff.
Members of Parliament last week called on the country’s Treasury to support JLR’s supply chain with “emergency Covid-style economic support mechanisms.” The Treasury has yet to respond. JLR executives are in daily dialogue with the government.
The company won’t necessarily lose sales as a result of the shutdowns. In the U.S., dealers had 113 days of supply of Land Rovers and Range Rovers in August, according to Cox Automotive, among the highest in the industry.
Meanwhile, the Jaguar brand, whose luxury sedans have long struggled to compete with their German rivals, is all but dormant: Existing models are no longer in production and a new generation of more expensive electric vehicles isn’t due to be launched until next year. A fuchsia-infused video clip to celebrate the relaunch at Miami Art Week last December attracted jibes, including from Tesla Chief Executive Elon Musk, for not including any cars.
This isn’t the first time JLR has been hit by a cyberattack. The automaker was the victim of an incident in March that was claimed by a hacker who goes by the name Rey. The same individual was among those bragging about the most recent attack on Telegram. Kela’s analysts have traced Rey to Jordan.
Scattered Spider, one of the loose groupings of hackers on the Telegram channel that claimed the latest attack, brought chaos to MGM Resorts on the Las Vegas Strip in 2023. It is also suspected to be at least in part behind a spate of high-profile cybersecurity breaches at British retailers earlier this year. Marks & Spencer, one of Britain’s largest retailers, said a hack that brought down its online-clothing store for weeks ended up costing it the equivalent of $410 million.
Three men and one woman, with ages ranging from 17 to 20, were arrested in July as part of an investigation into the retailer cyberattacks by Britain’s National Crime Agency. Three of the suspects were based in the U.K.’s West Midlands region, where much of Britain’s car industry is located. The individuals are now on conditional bail.
In recent days, the rowdy Telegram channel through which the hackers communicated publicly included a series of vague apologies. On Tuesday, it was abruptly taken offline.
Write to Stephen Wilmot at stephen.wilmot@wsj.com
