
CDK says financial relief coming for ransomware outage
By onLegal | Technology
CDK is promising financial relief to more than 15,000 dealerships that saw service outages for nearly two weeks due to a ransomware attack, CBT Global is reporting.
The outlet says CEO Brian MacDonald told dealerships there would be “forthcoming financial relief” in a letter sent Thursday, the news agency says. The letter doesn’t provide a compensation plan but says the company’s engagement team would provide more details.
News that CDK likely paid a $25 million ransom to Eastern European hacking group BlackSuit broke yesterday via CNN Business.
“Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer,” CNN says. “But data on the blockchain that underpins cryptocurrency payments also tells its own story.”
CNN reports 387 bitcoin, equivalent to about $25 million, was sent to an account known to be controlled by hackers affiliated with BlackSuit on June 21.
CDK first shut down its management system June 19. It briefly brought the system back online the next day, only to shut it back down that evening. The system provides a suite of tools for vehicle sales, financing, insurance, and parts inventory and ordering.
The system remained offline for nearly two weeks, with most systems restored by late July 3 and early July 4.
CDK has not positively been identified as the payer of the $25 million to BlackSuit, CNN states. However, multiple sources told the news agency they were “very likely” the source.
“Federal officials generally discourage paying a ransom to cybercriminals because payments can fuel future attacks,” CNN reported. “But some companies feel they have no choice but to pay off hackers to try to recover sensitive customer data or get their systems back online.”
CNN says UnitedHealth Group paid a $22 million ransom to a different criminal group in February after it suffered a ransomware attack that disrupted pharmacies.
Mandiant, a Google subsidiary, released a report last month that shows ransomware increased in 2023 compared to 2022. This includes a 75% increase in posts on data leak sites and a more than 20% increase in Mandiant-led investigations.
It says 2023 was a record-breaking year with more than $1 billion paid to ransomware attackers.
A class action lawsuit filed by Jay Kay Collision Center June 25 claims CDK failed to implement reasonable data securities causing a data break that has disrupted service to car dealerships, automobile repair centers, OEMs, software vendors, and other service providers.
The collision center claims it wasn’t able to order parts due to the breach, which caused delays in its ability to repair vehicles. The inability to check on the status of pending parts orders also created additional delays in repairing vehicles, the suit says. It adds employees had to be paid to deal with the delays, business interruption, and manual parts ordering.
IMAGES
Photo courtesy of Sundry Photography/iStock