Auto dealers across North America are still facing significant operational disruptions following last week’s cyberattack on CDK Global, a key software provider for the automotive industry, which was forced to shut down its entire network after two successive attacks last Wednesday. The BlackSuit ransomware group has claimed responsibility for the attack and is demanding a $10 million ransom.

BlackSuit, formerly known as the Royal Cybercriminal Gang, has a history of targeting various sectors with ransomware. Notable past victims include the Silverstone Formula One Racing Circuit and the Kansas City Police Department. The group is notorious for its double extortion tactics, which involve stealing a victim organization’s sensitive data, locking up its systems, and threatening to leak the information, posing significant threats to organizations all over the world.

CDK Global issued an updated statement to dealerships, emphasizing their efforts to restore core applications and collaboration with third-party experts. The company expects the restoration process to take several days, a relatively quick turnaround given the severity of the attacks.

Why it matters: The recent cyberattacks on CDK Global by the BlackSuit ransomware group have thrown the auto retail industry into chaos, disrupting operations for over 15,000 auto dealers who rely on CDK’s software. Analysts emphasize the urgent need for stronger security measures and continuous security testing to prevent such incidents in the future. As businesses become more interconnected and increasingly partner with third parties for routine operations, hacker groups like BlackSuit will continue to exploit weak points in the supply chain, use stolen data to demand massive payouts, and pose a significant threat to modern business ecosystems.

• Warnings and Phishing Threats: CDK Global has issued warnings to dealerships to be on the lookout for any email phishing and vishing scammers from BlackSuit attempting to gain additional access to login credentials.

• Precautionary Steps: Some dealership businesses such as AutoNation and Group 1 Automotive have taken steps to protect their data and continue operations manually, underscoring the importance of having contingency plans in place for such cyber incidents.

• Security Implications: The attacks underline the critical need for fortified security measures across industries, particularly for third-party vendors. Experts stress the importance of continuous security testing and enhanced visibility to prevent similar incidents.

Go Deeper -> CDK to Pay Ransom Attacker BlackSuit as US Car Dealers Struggle – CyberNews

Explainer: The ‘BlackSuit’ Hacker Behind the CDK Global Attack Hitting US Car Dealers – Reuters