CDK International service outage resulting from BlackSuit ransomware assault

The BlackSuit Ransomware gang is behind CDK International’s huge IT outage and disruption of auto dealerships throughout North America, in accordance with a number of sources accustomed to the matter.

The identical sources, who supplied info on the situation of anonymity, instructed BleepingComputer that CDK is presently negotiating with the ransomware gang to acquire the decryption software program and never leak the stolen information.

Whereas BleepingComputer was the primary to report that BlackSuit was behind the assault, information was revealed that CDK was negotiating with menace actors. Bloomberg yesterday.

The negotiations come after the BlackSuit ransomware assault pressured CDK to close down its IT techniques and information facilities to stop the assault from spreading, together with its automobile gross sales platform. The corporate tried to revive companies on Wednesday however was hit by a second cybersecurity incident, shutting down all IT techniques once more.

CDK is a software-as-a-service (SaaS) supplier whose platform auto sellers use to energy all elements of their operations, together with gross sales, finance, stock, service, and back-office capabilities.

With the platform now closed, automobile dealerships have been pressured to show to pen and paper to conduct their operations, with automobile patrons telling BleepingComputer that they can not buy a automobile resulting from service outages or obtain service for current automobiles.

Two of the most important public auto retailers, Penske Automotive Group and Sonic Automotive, revealed yesterday that they have been additionally affected by the outages.

“Our Premier Truck Group enterprise makes use of CDK’s seller administration system which has been disabled,” Penske shared in a message. SEC filing.

“We instantly took precautionary containment steps to guard our techniques and started investigating the incident, and efforts stay ongoing. Premier Truck Group has carried out its enterprise continuity response plans and continues to function in any respect websites with handbook or different processes developed to answer the incident. Such incidents “

“Because of this, the corporate skilled disruptions to its CDK-hosted Vendor Administration System (“DMS”), which helps important seller operations together with people who assist gross sales, stock, accounting, and buyer relationship administration (“CRM”) capabilities, Sonic Automotive reported in an announcement. SEC filing.

“All of our brokers are open and dealing with workarounds to attenuate disruption brought on by the CDK outage.”

CDK additionally warns that menace actors hook up with brokers posing as CDK brokers or associates to achieve unauthorized entry to techniques.

BleepingComputer has contacted CDK to be taught extra concerning the ransomware assault however has not but acquired a response.

BlackSuit ransomware gang

BlackSuit was launched in Could 2023 and is believed to characterize a brand new model of proprietary ransomware operation.

Royal Ransomware, and by extension BlackSuit, is believed to be the direct inheritor to the infamous Conti cybercrime syndicate, an organized cybercrime gang comprised of Russian and Jap European menace actors.

In June 2023, Operation Royal Ransomware started testing a brand new encryption software program known as BlackSuit amid rumors that they deliberate to rebrand beneath a brand new title after attacking town of Dallas, Texas.

Since then, assaults beneath the Royal title have disappeared, and menace actors now function beneath the title BlackSuit.

In November 2023, the FBI and CISA revealed in a joint advisory that Royal and BlackSuit shared related ways and cryptographic overlaps of their encryption software program.

The warning additionally linked the proprietary ransomware gang to assaults on no less than 350 organizations worldwide since September 2022 and greater than $275 million in ransom calls for.