CDK Global to Pay Tens of Millions in Ransom to Attackers Disabling US Car Dealerships 

• Software provider CDK Global announced it plans to pay a hefty ransom after it was hit by a cyberattack.
• The ransomware attack, which occurred earlier this month, demands tens of millions for the decryption key.
• The IT outage affected some 15,000 car dealerships using CDK services across the U.S.

Retail technology and software provider CDK Global was struck by a severe ransomware attack on June 19, causing a significant disruption to nearly 15,000 car dealerships in the U.S. The group claims the hack demanded tens of millions of dollars in ransom. As the attack on the company’s systems continues, CDK Global is planning to make the payment in a bid to restore normalcy, according to Bloomberg. 

CDK Global is a software-as-a-service (SaaS) provider offering a dealer management system (DMS) for day-to-day processing that was disabled by the attack reportedly coming from a hacker group in Eastern Europe, and various sources say the culprit is the BlackSuit ransomware gang.

The DMS is used for stocking vehicles, ordering services or parts, deliveries, inventory, accounting, and the customer relationship management (CRM) system. Penske Automotive Group and Sonic Automotive, which announced the disruption of their services, are among the affected client companies.

The company managed to regain temporary access on the day of the attack, but a second wave of disruption brought the systems to a halt. CDK Global announced on Sunday they began working to restore their systems, a process that is expected to take several days.

The following day, CDK Global took the initiative to inform its customers about the security incident. The message underlined the urgency of the situation, as scammers may contact customers posing as CDK members or affiliates, and advised users to take immediate precautions.

BlackSuit is a suspected rebrand of the Royal ransomware operation, which is believed to be the successor of the Conti cybercrime group of Russian and Eastern European threat actors. Earlier this month, BlackSuit allegedly published hundreds of sensitive police files stolen from the Kansas City Police Department after the KCKPD refused to pay ransom.