CDK outage: Car dealerships’ software shut down after cyberattack
A ransomware incident involving key automotive software provider CDK Global has significantly impacted major U.S. auto dealers. According to recent filings with the Securities and Exchange Commission (SEC), six prominent automotive dealers have reported disruptions to their operations due to the attack.
The affected companies—Lithia Motors, Group 1 Automotive, Penske Automotive Group, Sonic Automotive, Asbury Automotive Group, and AutoNation—have all noted negative impacts on their business following the ransomware attack on CDK. CDK Global, which provides software to nearly 15,000 auto dealer locations, detected the cyberattack less than a week ago and promptly shut down most of its systems as a precaution.
The Ransomware Attack
The ransomware group BlackSuit has been identified as responsible for the attack. BlackSuit, which emerged in early 2023, is considered a mid-sized ransomware-as-a-service operation with several significant victims. The group demanded “tens of millions of dollars in ransom” from CDK, according to reports.
Allan Liska, a threat intelligence analyst at Recorded Future, described BlackSuit as a notable player in the ransomware landscape, indicating that CDK Global is dealing with experienced cybercriminals accustomed to negotiating large ransom demands.
Background on BlackSuit
BlackSuit is believed to be a rebrand of the dormant Royal ransomware operation, which in turn was thought to be connected to the infamous Conti ransomware group. Conti, known for its major global attacks, had ties to the TrickBot malware operation, which the U.S. government linked to Russian intelligence services.
Despite the significant impact on CDK Global, BlackSuit has not yet posted any information about CDK on its site, which it uses to publicize data from targets that fail to pay ransoms. Since May 2023, BlackSuit has claimed 76 victims, most of them in the United States, and recently released a large cache of data purportedly stolen from the Kansas City, Kansas, Police Department.
Impact on the Automotive Industry
The cyberattack has created widespread operational disruptions for U.S. car dealers, highlighting the vulnerability of critical industry software providers to sophisticated ransomware attacks. The fallout from the CDK Global incident underscores the growing threat posed by ransomware groups and the significant challenges they present to businesses across various sectors.