The recent IT outage affecting CDK Global and numerous North American car dealerships has been attributed to the BlackSuit ransomware gang, as confirmed by multiple sources familiar with the incident.
According to reports, CDK is currently engaged in negotiations with the ransomware operators to obtain a decryptor and prevent the leak of stolen data. This development follows Bloomberg’s disclosure that CDK had initiated talks with the threat actors.
The attack compelled CDK to enact extensive protective measures, including the shutdown of its IT systems and data centers, which are integral to its software-as-a-service platform used extensively in car dealership operations.
CDK initially began restoring services, but a second cybersecurity incident forced it to shut its systems down again in full.
As a consequence of these disruptions, affected car dealerships have resorted to manual methods, such as pen and paper, to manage sales, service, and other critical functions. This outage has significantly hampered business operations, with reports indicating instances where car purchases and service requests could not proceed due to IT downtime.
The impact extends beyond CDK itself, affecting major automotive dealership groups like Penske Automotive Group and Sonic Automotive, both of which rely on CDK’s dealer management system.
These companies have implemented contingency plans to mitigate disruptions and continue operating through alternative processes while investigations into the incident remain ongoing.
The BlackSuit ransomware gang, which emerged in May 2023 following the rebranding of the Royal ransomware operation, has been implicated in multiple high-profile attacks. Linked to the Conti cybercrime syndicate, BlackSuit shares similarities in tactics and encryption methods with its predecessor.
Its activities have garnered attention from law enforcement: a joint advisory from the FBI and CISA highlighted the group's significant impact on organizations worldwide, including cumulative ransom demands exceeding $275 million.
In response to the ongoing situation, CDK has also issued warnings about unauthorized attempts by threat actors posing as company representatives to gain access to dealership systems.
CDK has not yet responded to requests for further details, reflecting the evolving nature of the incident and the challenges affected parties face in mitigating its repercussions.