On June 18th of this year, CDK Global was hit with a cyberattack that led to the company shutting down operations that serviced thousands of auto dealerships across the United States. Let’s take a look at what we now know took place.

Who is CDK Global?

CDK Global is a U.S. software company that provides application software products for the automotive industry. These products help automotive dealerships manage daily operations, schedule repairs, provide financing and insurance, order parts, and facilitate sales. They serve approximately 15,000 dealers throughout the U.S.

The company, in its present form, began in 2014. The name CDK is derived from the core acquisitions that make up the current company: C comes from Cobalt Digital Marketing, D from ADP Dealer Services, and K from Kerridge Computer Company. In 2022, CDK Global was acquired by Brookfield Business Partners.

What happened?

Full details on the exact nature of the attack have not been made public, but it has been confirmed that CDK was the victim of a ransomware attack.

The company subsequently shut down most of its systems and initiated what proved to be a lengthy restoration process.

An organization can be victimized by ransomware through some form of phishing attack, social engineering, or a software vulnerability, among other methods. The attack can target an individual, a company, or, increasingly, a single organization whose compromise ends up impacting thousands of users.

A ransomware attack typically compromises or locks up a company’s data, and the perpetrators demand a financial ransom to release their hold or to refrain from other threats, such as leaking sensitive data.

Who was impacted by the attack?

Beyond CDK Global itself, the attack compromised business operations for about 15,000 auto dealers and large car dealership companies, including Lithia Motors, Group 1 Automotive, Penske Automotive Group and Sonic Automotive. It also impacted automakers such as BMW, Nissan, and Honda.

Customers and potential car buyers faced delays and issues with transactions; in some cases, people were unable to complete purchases. Scheduling vehicle maintenance became difficult.

What was the sequence of events?

On June 18, CDK Global was hit by a ransomware attack, which led to the encryption of critical files and systems. The attackers demanded an initial ransom of $10 million according to Bloomberg, but that increased to over $50 million.

On June 19, CDK Global shut down its IT systems. During efforts to recover from the initial attack, a second cyberattack occurred.

On June 22, the restoration process began.

On July 4, after a phased restoration process, all car dealerships were back up and running with CDK services.

During the course of events, it is reported that CDK Global ended up paying a $25 million ransom to the hackers, according to CNN.

Who was responsible for the attack?

The CDK Global cyberattack has been attributed to a ransomware gang known as BlackSuit.

BlackSuit first emerged in April 2023 and is thought to be made up of Russian and Eastern European hackers.

BlackSuit operates as a private ransomware group rather than as a ransomware-as-a-service (RaaS) operation with affiliates. Historically, the group has favored double extortion ransomware, which combines ransomware with extortionware.

Since 2023, BlackSuit has targeted various sectors, including IT, government, healthcare, education, retail, and manufacturing.

Are car dealerships becoming more of a target for cyberattacks?

CDK Global’s own “2023 State of Cybersecurity in the Dealership” study was released in October 2023. The report found that 17% of surveyed automotive retailers fell victim to a cyberattack or incident in the past year, up from 15% the previous year.

As a result of the CDK Global ransomware attack, car dealerships overall have reported an increase in attacks. Multiple dealerships have reported phishing attacks and scammers posing as CDK representatives trying to help with the outage.

According to Chainalysis, a crypto tracking firm, cybercriminals in general extorted a record $1.1 billion in ransom payments from victim organizations around the world last year, despite US government efforts to cut off their money flows.

For more information on how to protect your company from cyberattacks, contact wedoIT.