By REBECCA RUTHERFORD
For the Los Alamos Daily Post
Trying to buy a car from a dealership or get repair work done at a dealership? If you tried within the past two weeks, you might have been told they were unable to provide services … CDK Global, a provider of integrated information technology and digital marketing to the automotive, heavy truck, recreation, and heavy equipment industries, was hit by a massive ransomware attack in June.
What is CDK Global? They are a major provider of “computer-driven” dealership management systems, basically the auto dealership version of the EHR (electronic health records) systems used by doctors. The software is used for sales, service, inventory, customer relationship management, and accounting. On its website, CDK Global says it serves 15,000-plus auto retail locations in North America. Trade paper Automotive News reports there were 18,133 U.S. dealerships as of Jan. 1, 2024.
As of a few days ago, it appears CDK Global has made some progress on recovery, and software access was back online. The outage lasted two weeks and is thought to have contributed to a 3.8% decline in auto sales last month.
Who’s responsible for the attack and why did they do it? According to cyber analysts, BlackSuit, a group of cyber criminals, is thought to be responsible for the attack. Not a lot is known about this group, which emerged in May of 2023. It is thought they have ties to RoyalLocker, a Russian based cyber crime group. The group isn’t as aggressive as others, but is thought to have breached 95+ groups worldwide. The group practices the double extortion attack, where the victim has to pay to get access back and also to avoid a data breach.
Ransomware is a huge business, and payouts can be in multi-millions of dollars. The initial ransom demand was reported to be $10 million, but then increased to $50 million. It is unknown if they have paid.
The cloud is great … but vulnerable to attack, and when the servers hosting your cloud based software get locked up in a ransomware attack, your customers lose access, your customer data is at risk, and you have a lot of angry customers to deal with. Pretty high incentive to pay a ransom most of the time.
How did this attack happen? Details have not yet been made public; it’s likely the attackers socially engineered their way in via phishing, it could also have been exploitation of a software vulnerability.

What can organizations learn from this attack?
- Have a contingency plan! A big issue here is the dealerships were struggling for days with little to no guidance from CDK.
- Have an incident response plan and adequate staffing to allow for a swift response to cyber attacks. Regular drills and game days can help prep incident responders.
- Prioritize data protection, if your business handles any kind of PII make sure you have plans in place to protect it.
- Backups, backups, backups! Make sure you have a ransomware protection plan and recovery program.
What can consumers do?
- Keep an eye out for those data breach notifications, because chances are you will be getting one!
- Watch out for car dealership scams- phishing emails, calls, texts, etc. Someone is going to get your data, and they will try to figure out how to use it to get more money out of the scam.
Things seem to be better, but this is a great reminder for businesses that ransomware is spreading to other industries now, and that everyone needs to watch out. Stay safe online, and watch out for scams!


































