CDK starts bringing systems online after ransomware attack
By onAnnouncements | Technology
CDK renewed service to its Dealer Management System (DMS) for a small test group of dealers Wednesday after facing a cyber attack that started last week, according to an email the company sent late Wednesday night.
“We have successfully brought a small initial test group of dealers live on the Dealer Management System (DMS), and once validation is complete, we will begin phasing in other dealers,” the email says. “We are also actively working to bring live additional applications —including our Customer Relationship Management (CRM) and Service solutions — and our Customer Care channels. In the meantime, we have created a Dealer Resource Center with commonly used documents and forms to support their sales and service efforts. We understand and share the urgency for our customers to get back to business as usual, and we will continue providing updates as more information is available.”
BlackSuit, a believed Russian and Eastern European hacking group, is behind a ransomware attack on the company, according to multiple media reports.
CDK first shut down its management system to 15,000 dealerships June 19. It briefly brought the system back online the next day, only to shut it back down again that evening. The system provides a suite of tools including vehicle sales, financing, insurance, and parts inventory and ordering.
Bloomberg reported that CDK planned to pay the hacker’s extortion fee in the tens of millions of dollars.
The hacking group specializes in hacking Linux and Windows, the article says. It adds that typically a desktop wallpaper on a computer directs the victim to contact the group via a site on the dark web.
“The same gang previously published hundreds of files stolen from the police department in Kansas City, Kansas,” Bloomberg says. “Nearly 200 plasma donation centers worldwide also shut down as a result of BlackSuit’s activity in April. The group has claimed credit for attacks on a Georgia school system and for stealing more than 200 gigabytes of data from an Indiana University.”
Mandiant, a Google subsidiary, released a report earlier this month that shows Ransomware increased in 2023 compared to 2022. This includes a 75% increase in posts on data leak sites (DLS) and a more than 20% increase in Mandiant-led investigations.
It says 2023 was a record-breaking year with more than $1 billion paid to ransomware attackers.
IMAGES
Photo courtesy of Kwangmoozaa/iStock