Car dealerships across the US have been forced to shut down after a software provider was hit by a ransomware attack.
The attack, believed to have been carried out by a black-suited ransomware group, took down the IT systems and data centers of CDK Global, the maker of a platform widely used by car dealerships for their daily operations.
Dealers across the country who rely on CDK’s Dealer Management System (DMS) are reporting they are no longer able to access customer records, schedule appointments, process sales or even print repair details.
The hack forced many dealers to resort to pen-and-paper processes.
CDK’s client list is thought to include around 15,000 car dealerships, so the impact will be significant.
according to Media CoverageCDK was able to temporarily restore some of its services last week, but was forced to shut them down again following a second cyber attack.
Bloomberg reports The hackers have demanded a ransom of tens of millions of dollars from CDK Global, which the company is prepared to pay, according to a person familiar with the matter who spoke on condition of anonymity.
Industry experts Pointed the finger of blame The BlackSuit ransomware group:
The BlackSuit cybercrime group has been conducting ransomware attacks since May 2023, but this isn’t their first foray into the field: the group has close ties to the Royal ransomware group, which evolved from the remnants of the Russia-linked Conti group.
The BlackSuit ransomware encrypts data files on a victim’s system and adds a “.blacksuit” extension to the end of affected files before displaying a ransom note.
Anytime is fine!
Your security service was extremely inadequate in protecting your files from our experts. A blackmailer named BlackSuit attacked your system. As a result, all your important files were encrypted and stored in a safe location. server We will use it more in the future and put it on the web and into the public realm.
Currently, all your files are stored with us: financial reports, intellectual property, accounting, lawsuits and complaints, personal files, etc. We can solve this problem with just one touch.
We (BlackSuit) are ready to offer you the opportunity to get everything back if you agree to do business with us. You will have the chance to escape all possible financial, legal, insurance and many other risks and problems for a very small compensation amount.
You can review the safety of your system. All your files will be decrypted, data will be reset and your system will be kept safe.
By the author
The BlackSuit group has made a name for itself with a series of high-profile hacks, including ransomware attacks against the healthcare industry. While many of the victims have been based in the United States, all organizations, regardless of where they are in the world or what industry they are in, would be wise to remain vigilant against BlackSuit.
The devastating attack on CDK Global and its impact on thousands of car showrooms is a reminder to businesses of all sizes of the importance of strong cybersecurity defenses.
As we’ve said before, knowing how to respond in the first 48 hours after a cyberattack is crucial. The smart approach is to take proactive measures and have contingency plans prepared in advance.
It’s not a question of if you will be hit by a ransomware attack, but when. Step-by-step guide to ransomware remediation.
