Car dealership software company CDK Global recently disclosed that it had been the target of a cyberattack, which is now being linked to the BlackSuit ransomware group. Due to this attack, there has been a major IT outage, which has disrupted vehicle dealerships all over North America.
Information about the ransomware attack was leaked by several confidential sources, who said that CDK is presently negotiating with the attackers to obtain a decryptor and stop the theft of data from being leaked. This report comes after Bloomberg disclosed that CDK is in communication with the threat actors.
In an effort to stop the attack’s spread, CDK promptly shut down all of its data centres and IT services, including its platform for car dealerships. Another cybersecurity attack on Wednesday prevented efforts to restore services, resulting in a second stoppage.
A broad range of dealership operations, such as sales, financing, inventory management, service, and back-office tasks, are supported by CDK’s platform. Dealerships have switched to manual operations due to the system outage, which has prevented some customers from buying automobiles or getting maintenance for their current vehicles.
The CDK Global outage caused problems for Penske and Sonic Automotive.
Notable publicly traded corporations Penske Automotive Group and Sonic Automotive are among the impacted dealerships. Penske revealed that there was disruption to its Premier Truck Group, which depends on CDK’s dealer management system, in an SEC filing. Penske continued operations using manual or alternative methods while taking prompt action to contain the problem and launch an ongoing inquiry.
Similar to this, Sonic Automotive stated that CDK-hosted dealership management system disruptions had an impact on crucial functions like accounting, sales, and inventory. Sonic’s dealerships continue to run, utilising workarounds to lessen the effects of the outage.
Dealerships have been alerted by CDK Global about scammers who pose as CDK agents in an attempt to obtain unauthorised system access amidst this situation. Security researchers have asked CDK for further information regarding the ransomware attack, but they have not received any additional details as of now.