CDK Global calls cyberattack that crippled its software platform a "ransom event"

CDK Global is now calling the cyberattack that took down its software platform for its auto dealership clients "a ransom event." 

In a note to clients Saturday, CDK for the first time acknowledged that the hackers that made its dealer management system, or DMS, unavailable to clients for days, are demanding a ransom to restore its systems. 

"Thank you for your patience as we recover from the cyber ransom event that occurred on June 19th," CDK said in a memo to clients on Saturday, according to a copy of the email obtained by CBS MoneyWatch. 

CDK added in the note that it has started restoring its systems and expects the process of bringing major applications back online "to take several days and not weeks."

Beware of phishing

In its memo, the company also warned car dealerships to be alert to phishing scams, or entities posing as CDK but who are in fact bad actors trying to obtain proprietary information like customers' passwords. 

A CDK spokesperson told CBS MoneyWatch that it is providing customers "with alternate ways to conduct business" while its systems remain inoperative. 

The cybercriminals behind the CDK attack are linked to a group called BlackSuit, Bloomberg reported on Monday, citing Allan Liska of computer security firm Recorded Future. In a June 21 story, the media outlet also said the hackers were demanding tens of millions of dollars and that CDK planned to pay the ransom. 

Liska didn't immediately respond to a request for comment. CDK itself hasn't pointed to any group behind the attack on its system that has disrupted car dealerships across the U.S. since last week. Companies targeted in ransomware schemes are often reluctant to disclose information in the midst of negotiations with hackers on a payment.

"Doing everything manually"

The hack has left some car dealers unable to do business altogether, while others report using pen and paper, and even "sticky notes" to record transactions. 

Tom Maoli, owner of Celebrity Motor Car Company, which operates five luxury car dealerships across New York and New Jersey, on Monday told CBS MoneyWatch his employees "are doing everything manually."

"We are trying to keep our customers happy and the biggest issue is the banking side of things, which is completely backed up. We can't fund deals," he said. 

Asbury Automotive Group, a Fortune 500 company operating more than 150 new car dealerships across the U.S., in a statement on Monday said the attack has "adversely impacted" its operations and has hindered its ability to do business. Its Koons Automotive dealerships in Maryland and Virginia, however, which don't rely on CDK's software, have been able to operate without interruption, the company said.  

Ransomware attacks are on the rise. In 2023, more than 2,200 entities, including U.S. hospitals, schools and governments were directly impacted by ransomware, according to Emisoft, an anti-malware software company. Additionally, thousands of private sector companies were targeted. Some experts believe that the only way to stop such attacks is to ban the payment of ransoms, which Emisoft said would lead bad actors to "quickly pivot and move from high impact encryption-based attacks to other less disruptive forms of cybercrime."

Earlier this year, the U.S. Department of State offered $10 million in exchange for the identities of leaders of the Hive ransomware gang, which since 2021 has been responsible for attacks on more than 1,500 institutions in over 80 countries, resulting in the theft of more than $100 million. 

In:
• Technology
• CDK Global
• Cybersecurity and Infrastructure Security Agency
• Cyberattack
• Ransomware

Megan Cerullo

Megan Cerullo is a New York-based reporter for CBS MoneyWatch covering small business, workplace, health care, consumer spending and personal finance topics. She regularly appears on CBS News 24/7 to discuss her reporting.