BlackSuit Ransomware Causes Major CDK Global Outage

BlackSuit ransomware recently hit CDK Global, causing a massive IT outage that has significantly interrupted operations at auto dealerships across North America. The ransomware group’s involvement in this cyberattack has been confirmed by several sources.

CDK Global, based in Austin, Texas, provides a SaaS platform that helps dealerships manage customer interactions, sales, finance, service, inventory, and back-office operations.

CDK, a supplier to 15,000 auto dealerships, took down most of its systems following hacks on Tuesday and Wednesday of last week. The downtime has disrupted critical dealership services such as CRM, payroll, and finance.

Lithia Motors, Group 1 Automotive, Penske, and Sonic Automotive have each reported to the U.S. Securities and Exchange Commission (SEC) that their operations were interrupted by the CDK Global system downtime.

CDK Global is reported to be negotiating with the ransomware group to obtain a decryptor. The negotiations follow a ransomware attack that led CDK to shut down its IT systems and data centers, including its auto dealership platform, to prevent the attack from spreading.

A second intrusion followed the company's attempt on Wednesday to bring everything back online, and CDK responded by turning all of its systems off again. With the platform unavailable, dealerships are processing everything by hand, and customers are unable to buy automobiles or obtain service.

According to Andrew Costis, the Chapter Lead of AttackIQ’s Adversary Research Team:

CDK is suffering from not one, but two cyberattacks that have caused the SaaS provider to shut down IT systems. Given the extensive reliance on this third-party vendor, the fallout from this attack reverberates throughout the entire automotive industry.

BlackSuit Ransomware Group puts pressure on CDK Global, demanding $50 million

CDK is reportedly planning to pay the ransomware group that caused the downtime, given the short timescale in which it needs to restore service; most recovery efforts without a decryptor take many weeks or even months. Bloomberg News reports that the BlackSuit ransomware group allegedly carried out the attack against CDK Global.

A security expert at Recorded Future puts the ransom demand at $10 million. According to an anonymous source cited by Fortune, CDK plans to make the payment, though that could change at any time. Rumours on X indicate that over the weekend the demand increased to $50 million.

The BlackSuit ransomware group, known as the Royal cybercriminal group before its rebranding in November, is well known for targeting the educational and municipal sectors in the United States. The gang first surfaced in early 2022, counting the UK's Silverstone Formula One motor racing circuit among its victims.

The US Cybersecurity and Infrastructure Security Agency (CISA) reports that by the end of 2023, BlackSuit had extorted over $275 million from at least 350 identified victims.

According to anti-malware company Emsisoft, ransomware affected more than 2,200 organisations in 2023, including governments, hospitals, and schools in the United States.

Earlier this year, the US Department of State announced a $10 million reward for information on the leaders of the Hive ransomware gang. Since 2021, that group has targeted over 1,500 organisations in more than eighty countries, extorting almost $100 million.

Phishing Tackle offers a free 14-day trial to help train users on these types of attacks and how to avoid them. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.