CDK Global is now calling cyber attack that destroyed its software platform for its car dealership customers “a rewarding event”.
In a note to clients on Saturday, CDK admitted for the first time that hackers who created its dealer management system, or DMS, unavailable to customers for daysare demanding a ransom to restore its systems.
“Thank you for your patience as we recover from the cyber ransom event that occurred on June 19,” CDK said in a memo to clients on Saturday, according to a copy of the email obtained by CBS MoneyWatch.
CDK added in the note that it has begun restoring its systems and expects the process of bringing key applications back online “to take days, not weeks.”
Beware of phishing
In its memo, the company also warned car dealers to be alert to phishing scams, or entities that pose as CDK but are actually bad actors trying to obtain proprietary information such as customer passwords.
A spokesperson for CDK told CBS MoneyWatch that it is offering customers “alternative ways of doing business” while its systems remain down.
The cybercriminals behind the CDK attack are linked to a group called BlackSuit, Bloomberg reported Monday, citing Allan Liska of computer security firm Recorded Future. In a June 21 article, the media also said the hackers were demanding tens of millions of dollars and that CDK planned to pay the ransom.
Liska did not immediately respond to a request for comment. CDK itself has not indicated any group behind the attack on its system. has stopped selling cars across the US since last week. Companies targeted in ransomware schemes are often reluctant to disclose information in the midst of negotiations with hackers for a payment.
“Doing everything by hand”
The hack has left some car dealers unable to do business, while others report using pen and paper and even “sticky notes” to record transactions.
Tom Maoli, owner of Celebrity Motor Car, which operates five luxury car dealerships in New York and New Jersey, told CBS MoneyWatch on Monday that his employees are “doing everything by hand.”
“We’re trying to keep our customers happy and the biggest issue is the banking side of things, which is fully backed up. We can’t fund deals,” he said.
Ransomware attacks are increasing. In 2023, more than 2,200 entities, including hospitals, schools and US governments were directly affected by ransomware, according to Emisoft, an anti-malware software company. In addition, thousands of private sector companies were targeted. Some experts believe the only way to stop such attacks is to ban the payment of rewards, which Emisoft said would lead bad actors to “quickly focus and move away from cryptographic-based attacks with impact high in other less disruptive forms of cybercrime”.
Earlier this year, the US Department of State offered $10 million in exchange for identity of the leaders of the Hive ransomware gang, which since 2021 has been responsible for attacks on more than 1,500 institutions in over 80 countries, resulting in the theft of more than $100 million.