A ransomware attack recently struck CDK Global, a software company based in the USA, disrupting operations for thousands of auto dealerships nationwide.
This incident highlights the ongoing threat of ransomware in various industries. While such attacks can target individual victims, they often focus on a single vendor, impacting a broader user base.
The CDK Global breach, revealed on June 18, 2024, exemplifies this trend, as the ransomware compromised critical systems, leaving many users in a difficult position.
The ransomware attack significantly affected numerous automotive organisations due to CDK Global’s reputation as a reliable software service provider.
According to Anderson Economic Group, a consulting firm based in East Lansing, Michigan, the financial toll on vehicle dealerships exceeded $1 billion as a result of this incident.
What is the CDK Global?
CDK Global is a U.S.-based software firm specializing in automotive applications and services, catering to around 15,000 dealerships throughout North America.
The company primarily delivers processing solutions that enable automobile dealerships to efficiently handle daily operations, including vehicle sales, financing, insurance, and repairs.
Although officially established in October 2014, CDK Global has a long history, originating from ADP Dealer Services, which was founded in 1973.
CDK Global’s expertise is rooted in various predecessor firms, notably Cobalt Digital Marketing and Kerridge Computer Company, both of which were acquired by ADP Dealer Services.
The name CDK is derived from these acquisitions: ‘C’ represents Cobalt Digital Marketing, ‘D’ stands for the original ADP Dealer Services, and ‘K’ comes from Kerridge Computer Company.
In 2022, CDK Global was purchased by Brookfield Business Partners for $8.3 billion.
How did the CDK attack happen?
The complete details surrounding the CDK Global attack remain undisclosed, but it has been confirmed that the company fell prey to a ransomware incident.
Ransomware can infiltrate a target’s system through several methods, with phishing attempts aimed at acquiring administrative credentials being among the most common.
Social engineering tactics often accompany these phishing schemes, enhancing their effectiveness.
Additionally, a weakness within CDK Global’s software infrastructure may have played a role in the breach.
The complete details surrounding the CDK Global attack remain undisclosed, but it has been confirmed that the company fell prey to a ransomware incident.
Ransomware can infiltrate a target’s system through several methods, with phishing attempts aimed at acquiring administrative credentials being among the most common.
Social engineering tactics often accompany these phishing schemes, enhancing their effectiveness.
Additionally, a weakness within CDK Global’s software infrastructure may have played a role in the breach.
What dealerships are affected by the CDK cyberattack?
The cyberattack on CDK Global impacted numerous companies within the automotive dealership industry. This includes various dealerships and groups.
Car Dealerships
Around 15,000 car dealership sites across North America, encompassing both the United States and Canada, experienced disruptions.
Major automotive dealership companies like Lithia Motors, Group 1 Automotive, Penske Automotive Group, and Sonic Automotive informed the Securities and Exchange Commission (SEC) about these interruptions.
Automakers
Numerous car manufacturers, such as BMW, Nissan, and Honda, recognized the effects on their dealership activities.
Customer
Car buyers faced delays and complications in their transactions due to dealerships relying on manual processes.
This disruption hindered customers from completing purchases or getting their vehicles serviced as they typically would.
Additionally, some dealers and customers reported phishing attempts from hackers trying to exploit the chaos caused by the ransomware incident.
CDK Global
The company was forced to disable most of its systems and embark on a lengthy recovery process.
Timeline of attack
The timeline of the CDK Global attack is as follows:
On June 18, 2024, CDK Global fell victim to its inaugural ransomware attack, leading to the encryption of vital files and systems.
Investigations revealed that the notorious BlackSuit ransomware group, based in Eastern Europe and Russia, was behind the breach.
They have demanded a ransom from CDK Global, with initial requests starting at $10 million, which has since escalated to over $50 million, as reported by Bloomberg.
As a result of the ransomware attack, CDK Global shut down its information technology infrastructure.
A second hack struck the organisation while it was still recovering from the first.
On June 22, 2024, CDK Global began its repair efforts. According to Bloomberg, the company intends to allocate tens of millions of dollars for ransom payments.
By July 4, 2024, following a carefully orchestrated recovery process, all vehicle dealerships are expected to be fully operational with CDK services restored.
Who was responsible for the CDK Global Cyberattack?
The recent cyberattack on CDK Global has been attributed to the BlackSuit ransomware group.
Emerging in April 2023, BlackSuit has ties to the more established Royal ransomware gang and possibly the Conti organization as well.
This group, primarily composed of Russian and Eastern European hackers, operates as a private entity rather than a ransomware-as-a-service model.
Known for its double extortion tactics, BlackSuit combines ransomware with extortion methods.
The group has previously targeted various sectors, including healthcare, education, IT, government, retail, and manufacturing.
Notably, the Kansas City police department is among its victims, with BlackSuit claiming to have leaked hundreds of sensitive police files on June 18, 2024, after the department did not meet their ransom demands.
What is the biggest impact of this attack?
The ransomware attack on CDK Global had a significant ripple effect, severely disrupting the North American automotive sector.
The company was forced to shut down most of its operations, including IT systems, phone lines, and applications, leading to widespread chaos among approximately 15,000 affected auto dealerships.
Dealerships faced numerous challenges, such as being unable to access dealer management systems, difficulties in tracking and ordering parts, and complications in finalizing sales and financing.
Many had to revert to manual processes, with some even sending employees home due to the operational paralysis.
The financial repercussions were substantial, impacting payroll for dealership staff and incurring high costs for temporary solutions.
Some dealerships likely experienced lost sales opportunities as they struggled to complete transactions.
Customers also felt the effects, facing delays in purchasing vehicles and scheduling service appointments. Moreover, the breach raised serious concerns about data security, as the ransomware group gained access to sensitive customer and corporate information.
