US Car Dealers Hit Hard by CDK Cyberattack
BlackSuit, a well-known ransomware group, has launched an attack on CDK Global, a leading software provider for the automotive industry. This has caused major problems for several car dealers in the United States.
At least six companies have reported to the Securities and Exchange Commission that this cyberattack has negatively impacted their operations. These companies include big names like Lithia Motors, Group 1 Automotive, Penske Automotive Group, Sonic Automotive, Asbury Automotive Group, and AutoNation.
Impact and Response
Less than a week after detecting the cyberattack, CDK Global decided to shut down most of its systems to protect its customers. In a statement to CyberScoop, Lisa Finney, CDK's senior manager of external communications, emphasized that this decision was made out of "an abundance of caution and concern."
Who is Behind This?
The tech news site Bleeping Computer reported that BlackSuit was responsible for this attack. This group demanded "tens of millions of dollars in ransom" from CDK Global, which serves nearly 15,000 auto dealer locations. Allan Liska, a threat intelligence analyst at Recorded Future, described BlackSuit as a "mid-sized ransomware as a service offering" but noted it has had several significant victims.
Connection to Other Cybercriminal Groups
BlackSuit appeared as a distinct group around April or May of 2023 and is believed to be a rebrand of the older Royal ransomware operation. According to the Cybersecurity and Infrastructure Security Agency, Royal had targeted more than 350 victims globally, demanding over $275 million. Furthermore, it is suspected that Royal might be connected to the notorious Conti ransomware operation, known for major attacks worldwide and links to the TrickBot malware operation.
Brett Callow, a threat analyst with Emsisoft, explained, "BlackSuit is believed to be connected to the Royal operation, which was believed to be connected to the Conti operation. This means CDK could well be dealing with very experienced cybercriminals who are used to negotiating large demands."
Current Status
As of now, BlackSuit has not posted any information about CDK Global on the website it uses for publicizing attacks. However, the group has claimed 76 victims since May 2023, mainly from the United States.
BlackSuit also recently posted a significant cache of data purportedly stolen from the Kansas City, Kan., Police Department.
This story will be updated as more information becomes available. As of June 24, 2024, additional SEC filings have confirmed that a fifth and sixth auto dealer have been impacted by the CDK attack.
Key Takeaways:
- Cyberattack on CDK Global by BlackSuit impacting major US car dealers.
- Operations disrupted for companies like Lithia Motors, Group 1 Automotive, and others.
- Significant ransom demanded, believed to be in the tens of millions of dollars.