Cyber Defense Advisors

Supply-chain ransomware attack cripples thousands of car dealerships


Car dealerships have been brought to a standstill across the United States after a software provider was hit by a ransomware attack.

The attack, believed to be by the BlackSuit ransomware gang, forced CDK Global, makers of a platform widely used by car dealerships to conduct their everyday business, to shut down its IT systems and data centers.

Dealerships across America which rely upon CDK’s dealer management system (DMS) report that they have been unable to access customer records, schedule appointments, process sales, or even print out details of repairs. 

In the wake of the hack, many dealers have had to resort to processing work with pen and paper. 

The impact is considerable, as CDK is believed to have approximately 15,000 car dealerships in its client list.

According to media reports, CDK briefly managed to restore some of its services last week – only to be forced to deactivate them again after a second cyber attack.

Bloomberg reports that the hackers demanded a payment of tens of millions of dollars from CDK Global – a ransom that, according to an unnamed person familiar with the matter, the company is prepared to pay.

Industry experts have pointed the finger of blame at the BlackSuit ransomware gang.

The BlackSuit cybercriminal gang has been launching ransomware attacks since May 2023, but that doesn’t mean that they are new to the game. The group is strongly linked to the Royal ransomware gang, which evolved from the remains of the Russian-linked Conti group.

The BlackSuit ransomware encrypts data files on victims’ systems, appending a “.blacksuit” extension to the end of affected files, before dropping a ransom note:

Good whatever time of day it is!

Your safety service did a really poor job of protecting your files against our professionals. Extortioner named BlackSuit has attacked your system. As a result all your essential files were encrypted and saved at a secure server for further use and publishing on the Web into the public realm.

Now we have all your files like: financial reports, intellectual property, accounting, law actions and complaints, personal files and so on and so forth. We are able to solve this problem in one touch.

We (BlackSuit) are ready to give you an opportunity to get all the things back if you agree to make a deal with us. You have a chance to get rid of all possible financial, legal, insurance and many others risks and problems for a quite small compensation.

You can have a safety review of your systems. All your files will be decrypted, your data will be reset, your systems will stay in safe.

The BlackSuit group has made a name for itself with a series of high-profile hacks, including ransomware attacks against the healthcare industry. Although many of its victims have been US-based, it would be wise for all organisations to be on their guard against BlackSuit, regardless of where they are in the world or their industry sector.

The devastating attack on CDK Global, and its impact on thousands of car showrooms, reminds businesses of all sizes about the importance of robust cybersecurity defences.

As we have discussed before, knowing how to respond, especially in the first 48 hours after a cyberattack, is critical. The sensible approach is to take proactive measures and have emergency plans in place in advance.

It’s not a matter of if, but when, your business will suffer a ransomware attack, so make sure to read Exponential-e’s step-by-step guide on ransomware remediation.