5 comments

[ 3.3 ms ] story [ 30.3 ms ] thread
CDK Global Summary from Bleeping Computer

  > "If you are not aware, we experienced an additional cyber incident late in the evening on June 19.
  > We continue to act out of caution, and to protect our customers, we have taken down most of our systems.  Do not attempt to access the DMS until we can confirm the system is secure. Digital Retail and CDK phones continue to be functional.
  > At this time, we do not have an estimated time frame for resolution and therefore our dealers’ systems will not be available likely for several days.
From CNN: https://www.cnn.com/2024/06/21/business/cdk-global-car-deale...

  > “My selling team can hand-write a buyer’s order,” said Brian Benstock, general manager of Paragon Honda and Paragon Acura in Long Island City, New York.
  > But salespeople could lack access to customer agreements that had been previously negotiated, making it harder to close those sales, dealers CNN spoke with said. There’s more than just the negotiated price of the car involved, since these agreements can involve rebates and incentives, some of which customers must show they’re qualified for.
From TheDrive: https://www.thedrive.com/news/auto-dealers-nationwide-go-bac...

  > CDK Global provides sales and service data for 15,000 auto dealers in the U.S. and jumps to a total of 30,000 when accounting for truck dealers, per Auto News.  CDK Global “dominates its market by a wide margin”.
From Fast Company: https://www.fastcompany.com/91144194/cdk-global-cyberattack-...

  > [CDK Global]'s “core” product, the dealer management system — is a software hub that allows car dealerships to track all sales operations in one place.
  > The cyber incidents impacting CDK come just a week after Findlay Auto Group, which operates dozens of dealerships in six states, announced that a recent cybersecurity issue had impacted its IT systems.
Further context from Reddit: https://www.reddit.com/r/Justrolledintotheshop/comments/1djl...

  > [magnanimous_rex] "Excel spreadsheets and post it notes for any parts we’re handing out. Any big jobs are not happening "
https://old.reddit.com/r/askcarsales/comments/1dk88un/anothe...

https://www.reddit.com/r/serviceadvisors/comments/1dk8uh8/th...

6/22/2024 update: Software company plans to pay tens of millions in ransom to hackers who crippled car dealerships across North America

https://fortune.com/2024/06/22/cdk-ransomware-attack-payment...

https://archive.ph/TAwVv

Since you're the only response @smcin (thanks for the update)

Further 6/25/2024 Update: Ransomware being demanded by group called Blacksuit (sounds like a wealth management company). Apparently believed to be a rebrand of the Royal ransomware operation, which is believed to be the direct successor of the notorious Conti cybercrime syndicate. https://www.bleepingcomputer.com/news/security/cdk-global-ou...

> In June 2023, the Royal Ransomware operation began testing a new encryptor called BlackSuit amid rumors that they planned to rebrand under a new name after they attacked the City of Dallas, Texas. Since then, attacks under the Royal name have disappeared, with the threat actors now working under the BlackSuit name.

> In November 2023, the FBI and CISA revealed in a joint advisory that Royal and BlackSuit share similar tactics and coding overlaps in their encryptors.

Many major automotive dealership and supply companies have filed SEC Form-8K's notifying shareholders of a "significant disruption to activities." Include: Group 1 Automotive, Sonic Automotive, Penske Automotive Group, Lithia Motors, and Asbury Automotive Group. https://www.theregister.com/2024/06/24/the_number_of_cdk_cus...

> According to Group 1 Automotive's filing, CDK told customers that recovery will be a matter of days rather than weeks

Other sites are skeptical of the link, because "as of Monday, CDK Global is not yet listed on the BlackSuit gang's dark web site, where the group would publicly list its victims to shame them into paying a hefty ransom" and CDK still will not respond. https://www.axios.com/2024/06/24/blacksuit-ransomware-cdk-gl...

People can buy cars (sometimes), yet often cannot register the car even after purchase or sign the title. https://www.cnn.com/2024/06/25/business/car-dealership-cdk-c...

> customers started being told that (the RMV) wasn’t taking any walk-ins,” he said. “They were probably getting flooded with customers and started turning people away.” Deveney said one customer got increasingly agitated because he couldn’t register his car. “Getting an appointment might take three or four days, and in that time they aren’t really able to drive their cars,” he added. ... “Today… I sent 21 registrations to be done manually at the Massachusetts RMV,” she said, adding that the RMV won’t accept transactions from dealership employees.

> Don Aycock told CNN he drove 90 miles round-trip from his home to a car dealership in Clay County, Florida, to buy a new Buick on Thursday, a day after the CDK shutdown. He told CNN he was able to buy the car but was unable to sign the title.

Class Action lawsuits are already starting. https://qz.com/cdk-global-sued-personal-data-cyberattack-185...

> Yuriy Loginov filed a potential class-action suit in the U.S. District Court in the Northern District of Illinois on Saturday, claiming CDK failed “to implement reasonable and industry standard data security practices to properly secure, safeguard, and adequately destroy Plaintiff’s and Class Members’ sensitive personal identifiable information.”

The amount of personal informatio...

Eerie to not see much discussion of this or the 500m-person TicketMaster data breach.

Is it in part because Blacksuit/Conti are partially based in Russia?

I only heard about this today

Data breaches of huge scale are humdrum nowadays