Get the latest on CDK cyberattack: DMS restored in select locations

June 30, 2024
2 mins read

TLDR:

  • CDK Global is in the process of restoring various applications after a cyberattack.
  • The cyberattack was carried out by a group called BlackSuit and impacted 15,000 auto dealerships in North America.

More than a week after CDK Global’s systems were shut down due to a cyberattack, the company is working on restoring its applications for auto dealerships. CDK is gradually bringing dealerships back online, but expects to have all dealers live by June 30. The cyberattack, carried out by a group called BlackSuit, resulted in the shutdown of the company’s systems and impacted businesses across North America.

Key Points:

  • CDK Global is restoring applications for auto dealerships after a cyberattack.
  • The cyberattack was carried out by a group called BlackSuit and impacted 15,000 dealerships.

CDK Global update: After cyberattack, some systems go live

More than a week after CDK Global’s shutdown upended operations for thousands of car dealerships, the software provider said it is in the process of restoring various applications. Cyberattacks last week against the company prompted CDK to shut down most of its systems, leaving some car dealerships to resort to handwritten forms to continue operations. The company’s cloud-based software helps more than 15,000 auto dealerships across North America manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance. CDK is continuing a “phased approach” to restoring customers’ software, according to a company statement. It has so far brought two small groups of dealers and one large publicly traded dealer group live on its Dealer Management System. It is also working to bring back additional applications and its customer care channels. CDK told customers earlier this week it does not expect to get “all dealers live” before June 30.

Details about the cyberattack:

Multiple outlets reported Recorded Future ransomware analyst Allan Liska identified BlackSuit as the hacking group behind the cyberattack on CDK. Recorded Future did not immediately respond to a Friday request for comment. BlackSuit is a newer cybercriminal team that spun off an older, Russia-linked hacking group called RoyalLocker, according to Reuters. Security firm Recorded Future says the group has breached at least 95 organizations across the globe. Cybercriminals are a growing threat to target car dealerships, with 17% of 175 surveyed dealers experiencing a cyberattack or incident within the past year, up from 15% the year prior, according to a 2023 CDK report. Of those dealers, 46% said the cyberattack had a negative financial or operational impact.

How are dealers being impacted?

Thad Szott, whose family owns dealerships in Michigan, told the Detroit Free Press the shutdown had a dramatic effect on all five of his dealerships. “Some of it is manual now. But it is much clunkier internally, more cumbersome internally, to process simple things like repair orders or work a car deal,” he told the Free Press, part of the USA TODAY Network, last week. Craig Schreiber, one of the owners of the Northtown Automotive Companies in New York, told USA TODAY the company was able to go “old school” and use handwritten, manual forms in its departments after CDK’s systems were shut down. J.D. Power and GlobalData say new car sales likely took a hit from the cyberattack, and expect U.S. retail sales in June to be down about 5.4% from last year.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and