Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response

CDK Begins Restoring Systems Amid Ransomware Payment Reports

Auto Dealership Software Firm Says Restoring Service Will Take 'Days and Not Weeks'
CDK Begins Restoring Systems Amid Ransomware Payment Reports
CDK Global supplies software solutions to an estimated 15,000 car dealerships in the U.S. and Canada. (Image: Shutterstock)

A back-end software provider for thousands of auto dealerships in the United States and Canada has started to restore operations after consecutive cyber incidents forced the company to shut down systems, a spokesperson told Information Security Media Group.

See Also: Webinar | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

CDK Global, the auto dealership software solutions firm that suffered a cyber ransom attack Wednesday, said the company launched an investigation with third-party experts and has "begun the restoration process" after notifying customers and law enforcement about the incident.

"Based on the information we have at this time, we anticipate that the process will take several days to complete," a CDK Global spokesperson said Monday. "In the interim we are continuing to actively engage with our customers and provide them with alternate ways to conduct business."

The spokesperson declined to comment on whether CDK plans to pay tens of millions in ransom to a hacking group called BlackSuit, which has since claimed responsibility for the attack, as has been reported. CBS reported the company sent a memo to customers Saturday saying the restoration process would take "several days and not weeks" and warning dealerships to beware of a potential increase in phishing scams.

The weekend note to customers was the first time the company described the incident as a "cyber ransom event." Multiple car dealerships - including Group 1 Automotive Inc., which has more than 200 dealerships in the U.S. and United Kingdom - then disclosed that the cyberattack affected their business operations.

The company was forced to immediately activate cyber incident response procedures and isolate its systems from CDK's platform, it said in a regulatory filing. Other major auto dealerships - including Penske, Sonic Automotive and Lithia Motors - warned the Securities and Exchange Commission that their operations also had been affected.

Approximately 15,000 auto dealerships in the U.S. and Canada use CDK software to manage and maintain records, sensitive data and communications about customers and negotiated deals. Cliff Steinhauer, director of information security and engagement for the National Cybersecurity Alliance, previously told Information Security Media Group the incident highlights the devastating impact of attacks on third-party managed infrastructure (see: Auto Dealerships Using CDK Global Hit With Cyber Disruptions).

"This incident not only disrupted essential operations across a vast network of dealerships but also exposed significant vulnerabilities in digital infrastructure and customer data management systems," he said.

Bloomberg first reported that BlackSuit demanded millions of dollars in ransom after the alleged hacking group took responsibility for the attack. BlackSuit comes from the Royal ransomware-as-a-service group, which is a branch of the now-defunct Conti ransomware operation (see: Conti's Legacy: What's Become of Ransomware's Most Wanted?).

Car dealerships across the U.S. reported resorting to using paper to keep records - and even shutting down new business entirely.

CDK Global publishes an annual report on the state of dealership cybersecurity, and in 2023 it said: "Protecting your data to avoid IT-related business interruptions, ransom demands and reputation damage has never been more important."


About the Author

Chris Riotta

Chris Riotta

Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.