In a significant cybersecurity event, CDK Global has disclosed that the recent cyberattack which crippled its software platform for auto dealership clients is a “ransom event.” The revelation came in a note to clients on Saturday, marking the first acknowledgment that the attack involved hackers demanding a ransom to restore the compromised systems.
The Ransom Event Unveiled
“Thank you for your patience as we recover from the cyber ransom event that occurred on June 19th,” CDK Global stated in a memo to clients. This note indicated the beginning of system restoration efforts, estimating that bringing major applications back online would take several days, not weeks.
Increased Phishing Risks
In addition to the ransom demand, CDK Global warned car dealerships to be vigilant against phishing scams. These scams involve malicious actors posing as CDK to extract sensitive information such as customer passwords. This added layer of caution underscores the multifaceted nature of modern cyber threats.
Impact on Operations
A CDK spokesperson informed a CBS MoneyWatch reporter that customers are being provided with alternative methods to conduct business while systems remain offline. According to reports from Bloomberg, the cybercriminals behind the attack are linked to a group called BlackSuit, and the ransom demands are reportedly in the tens of millions of dollars.
The Rising Threat of Ransomware
The attack on CDK Global highlights the increasing prevalence of ransomware. As Cliff Steinhauer, Director of Information Security at the National Cybersecurity Alliance, noted, such attacks have become alarmingly frequent, affecting various industries and organizations globally.
Operational Challenges
The ransomware attack has left many car dealerships struggling to maintain operations. Tom Maoli, owner of Celebrity Motor Car Company, reported that his employees are resorting to manual methods such as using pen and paper to record transactions. This disruption has particularly impacted the banking side of their business, causing significant delays in funding deals.
Asbury Automotive Group, another major player in the automotive retail sector, confirmed that the attack has adversely affected its operations. However, its Koons Automotive dealerships, which do not rely on CDK’s software, have managed to continue their operations without interruption.
The Bigger Picture
Ransomware attacks are on the rise. In 2023 alone, over 2,200 entities, including hospitals, schools, and government institutions in the U.S., were impacted by ransomware, according to anti-malware company Emsisoft. The private sector has also seen numerous attacks, leading to significant operational disruptions and financial losses.
Some experts argue that banning ransom payments could deter such attacks, forcing cybercriminals to shift towards less disruptive forms of cybercrime. This perspective gained traction after the U.S. Department of State offered a $10 million reward for information leading to the capture of leaders of the Hive ransomware gang, responsible for attacks on over 1,500 institutions worldwide.
Conclusion
The CDK Global ransomware attack is a stark reminder of the pervasive threat posed by cybercriminals. As we observe Ransomware Awareness Month this July, it is crucial for organizations to bolster their cybersecurity defenses, stay informed about potential threats, and implement proactive measures to safeguard their operations.
Stay tuned to Isogent’s blog for more insights and updates on cybersecurity threats and how to protect your business.