CDK Global brought a “small initial test group” of auto dealerships back online, a week after a ransomware attack affected the operations of thousands of dealers across the U.S.
“We have successfully brought a small initial test group of dealers live on the Dealer Management System (DMS), and once validation is complete, we will begin phasing in other dealers,” stated CDK Global in emailed comments to the media June 26. “We understand and share the urgency for our customers to get back to business as usual, and we will continue providing updates as more information is available.”
The company said it’s working to bring additional applications back online, such as its customer relationship management and service solutions, as well as its customer care channels.
CDK Outage
CDK Global, whose software is used at 15,000 auto dealers, was first attacked on June 19 around 2:00 a.m. EDT, which hampered operations at U.S. and Canadian dealerships. The company was able to restore some functions by Wednesday afternoon, but its systems were attacked again before the business day started on Thursday, June 20, and have been down since.
Several major auto companies—including Stellantis, Ford and BMW—confirmed last week that the CDK outage had impacted some of their dealers, but that sales operations continue as dealers resorted to pen and paper to work deals.
Group 1 Automotive said its dealerships continue to conduct business using “alternative processes,” while AutoNation, with over 300 dealerships in the U.S., reported the cyberattack impacted its dealership operations, including sales, service, inventory, customer relationship management, and accounting functions.
Toll on Customers, Dealers
In San Antonio, Ancira Auto Group officials noted last week that using the CDK software makes it easier for dealers to do business in a short amount of time. “So it’s beneficial to the customer as well,” said April Ancira, vice president of Ancira Auto Group, who added her employees are relying on some of their former techniques and technology to get by. “We’re actually able to get some of the information from little bits of different software. We’re doing some of that. We’re doing some handwriting.”
Ancira noted the ransomware attack targeting CDK takes a toll not just on the companies and dealerships involved, but also on the employees and customers.
“When something like that happens, (it affects) the employees’ families and their ability to put food on the table,” she said. “Customers need their cars repaired that maybe need to go to dialysis or cancer treatment.”
Ransomware Attack
CDK reportedly negotiated with an Eastern European ransomware group called BlackSuit to secure a decryptor and ensure that no stolen data is leaked. The cyberattack forced the company to shut down services and pay the ransom, reportedly costing tens of millions of dollars, to restore its cloud-based software, which helps dealerships in the country manage vehicle acquisitions, sales, financing, insuring, repairs and maintenance, according to a Bloomberg report.
BlackSuit is widely believed to be a rebranding of the Royal ransomware operation, a direct successor to the Conti cybercrime syndicate. Comprising Russian and Eastern European threat actors, this organized gang has been a persistent security concern.
The company warned it is aware of “bad actors” posing as members or affiliates of CDK to try to obtain system access by contacting customers and urged employers to be cautious of any attempted phishing.