CDK Global announced yesterday that their dealership control system (DMS), which was severely impacted by a cyberattack, is expected to be fully restored by Thursday, July 4, for all car dealers. The company is also working tirelessly to restore access to other affected applications, such as the customer relationship management system (CRM), One-Eighty, and service solutions.
Lisa Finnie, a spokesperson for CDK Global, mentioned that the company is currently in the process of gradually recovering and reconnecting dealers to the dealership control system (DMS) at a rapid pace. It is anticipated that all dealers will be reconnected by Wednesday evening, July 3, or early Thursday morning, July 4.
CDK Global’s platform, which offers software as a service (SAAS), is utilized by over 15,000 car dealers across North America to oversee various operations, including sales, financing, inventory management, maintenance, and support functions.
Following a major outage triggered by an attack last month, CDK had to shut down their IT systems and data centers, resulting in dealers resorting to manual paper-based document management. This led to disruptions in car purchases and service for existing vehicles.
Amid efforts to restore services, CDK faced a second cyberattack, prompting another shutdown of all IT systems to mitigate the impact. The company also cautioned that hackers were resorting to social engineering tactics by posing as CDK representatives to gain unauthorized access to dealer systems.
While the company has not publicly identified the perpetrators of the June attack, sources familiar with the matter suggest that the Blacksuit extortion group was responsible for targeting CDK Global. Anonymous insiders also indicated that negotiations are underway between CDK and the hackers to acquire a decryption key and prevent the disclosure of stolen data.
The Blacksuit group emerged in May 2023, believed to be a rebranding of the Royal Ransomware group and a successor to the notorious Conti Cybercrown Cybercrower. After launching an attack on the city of Dallas in June 2023, the Royal hackers began testing a new encryption method under the name Blacksuit amidst speculations about rebranding. Subsequently, the attackers have exclusively operated under the Blacksuit moniker, discontinuing the use of the Royal Ransomware label.
Reports published in November 2023 by CISA and the FBI revealed that both Royal and Blacksuit employ similar tactics and their encryption mechanisms