From Code to Chaos: BlackSuit Ransomware and The CDK Global Cyber Crisis

In recent days, the automotive industry has been hit by a significant IT outage that has disrupted operations for car dealerships across North America. The culprit? The notorious BlackSuit ransomware gang. In this blog post, we’ll delve into the details of the attack, its impact, and what it means for CDK Global and its customers.

The Incident

According to people familiar with the situation, the BlackSuit ransomware gang is responsible for CDK Global's significant IT failure and interruption to car dealerships throughout North America.

The conversations follow the BlackSuit ransomware assault, which led CDK to lock down its IT infrastructure and data centers, including its car dealership platform, to prevent the attack from spreading. The company attempted to restore services on Wednesday, but a second cybersecurity attack forced it to shut down all IT systems again.

The Attack

CDK Global, a leading provider of technology solutions for auto dealerships, found itself in the crosshairs of cybercriminals. 

While the company has yet to officially confirm the ransomware attack, multiple sources indicate that BlackSuit is behind the incident. The attack likely exploited vulnerabilities in CDK’s systems, leading to widespread disruption.

Impact on Dealerships

Two of the largest public car dealership companies, Penske Automotive Group and Sonic Automotive, disclosed that they, too, were impacted by the outages.

The fallout from the CDK Global outage has been substantial. Car dealerships rely heavily on CDK’s software for inventory management, sales, and customer service. 

With the systems down, dealers have had to resort to manual processes, including pen-and-paper record-keeping. Imagine the chaos in a busy dealership trying to manage sales, service appointments, and parts inventory without their usual digital tools.

Data Theft Concerns

Beyond the immediate operational challenges, there are serious concerns about data theft. Ransomware attacks often involve stealing sensitive information before encrypting files and demanding a ransom.

CDK Global must now investigate whether customer data, financial records, or other critical information has been compromised. The potential fallout from such a breach could be long-lasting and damaging.

Response and Recovery

In November 2023, the FBI and CISA published in a joint advisory that Royal and BlackSuit's encryptors use similar strategies and have coding overlaps.

CDK Global’s response to the attack is crucial. They need to assess the extent of the breach, restore systems, and enhance security measures. Communication with affected dealerships is equally important. Dealers need transparency about the situation, timelines for resolution, and guidance on how to navigate the outage.