June 20, 2024, 04:25 PM
JohnCourage
Cyberattack idles 1,000s of Car Dealers Today
I work for a digital automotive marketing company selling and supporting car dealers in Atlanta. It has not been fun the last couple of days. Dealers are scrambling to connect and communicate with potential car buyers in an already soft market. For those that rely on CDK for their entire business it's even worse.
I miss the days when my dealers had on site servers. No matter what was going on in the world if they had a generator they could run their business.
June 20, 2024, 04:42 PM
Spiff_P239
The dealership handling my truck repair informed me today that their systems were down as well. I’m hoping they were able to get the necessary part ordered as I’ve been without my vehicle for 9 days now.
June 20, 2024, 06:40 PM
hapevo
I work for a Honda dealer and we have CDK. The parts department can still order parts but need to call in the order to the factory. Service is down and so is sales until sales can get on another program.
June 21, 2024, 08:55 AM
Georgeair
Just had a tire shop tell me they couldn't find the 4th of a set of ordered tires that arrived Wed. My first thought was if they use this goofy system too.
5 minutes later; HEY!! Here it is right over there!
sweetbabyjeebus
June 21, 2024, 09:56 AM
nhtagmember
This is going to happen more and more and across other commercial industries. We’ve become too dependent on the net for tasks that can be done by phone with a paper system.
Oh how did we ever live in the 60’s and 70’s without the net.
June 22, 2024, 12:50 PM
BB61
I showed up today for a complimentary service/oil change with my daughter for her RAV-4 we scheduled last week. Still down. We were told they could change the oil but it's a 2 1/2 hour wait- for an oil change and rotate tires because of this.
Apparently the Ford dealer across the street has shut down until this gets fixed. The cost to dealers and manufacturers has to be enormous at this point. If it's a state actor, I wonder how the US will respond? If it's some guy in his/her mom's basement, the feds won't be amused when they find him.
June 22, 2024, 01:35 PM
braillediver
quote:
Originally posted by BB61:
If it's a state actor, I wonder how the US will respond?
An Apology, Flowers or maybe a Candy-Gram depending on who the perpetrator is.
June 22, 2024, 03:08 PM
KevH
quote:
Originally posted by BB61:
If it's a state actor, I wonder how the US will respond? If it's some guy in his/her mom's basement, the feds won't be amused when they find him.
Likely nothing. With the current walking corpse in the oval office they might make him say, "Zibble zabble zibble," if they say anything at all.
If the perpetrator had registered Republican at any point in the past they might hang him.
June 22, 2024, 03:46 PM
HRK
Scuttlebutt from some in the Automotive data industry, perpetrators are believed to be in Eastern Europe, possible ransom demand is $100 million.
June 22, 2024, 03:58 PM
vthoky
I visited my favorite local dealer this morning, for a long-scheduled inspection on my SUV. I noticed they were doing hand-written tickets, but didn't think much about it until my advisor mentioned the outage. I figured it was simply because I was there as the "early bird."
I chatted with my advisor for a few minutes before I left. He mentioned the outage and rumors he'd heard of an $80 million ransom.
quote:
Originally posted by BB61:
Apparently the Ford dealer across the street has shut down until this gets fixed.
My advisor mentioned that the two nearby Ford stores had also pretty much shut down over this thing. Yikes, what a costly mess.
June 22, 2024, 07:24 PM
V-Tail
I have often thought that we should have a remote island, with no means of escape. The sentence for certain criminal activities should be banishment to this island. Maybe give the criminals some seeds to grow food and tell them "Live or die, it's up to you. 'Bye-bye."
June 22, 2024, 07:38 PM
PASig
quote:
Originally posted by HRK:
Scuttlebutt from some in the Automotive data industry, perpetrators are believed to be in Eastern Europe, possible ransom demand is $100 million.
Of course they are, all these scumbags are Ukrainian or Russians most of the time. Whenever they catch these people putting skimmers on ATMs and gas pumps around here it seems they’re always from some Eastern European armpit country.
June 22, 2024, 07:49 PM
nhtagmember
quote:
Originally posted by V-Tail:
I have often thought that we should have a remote island, with no means of escape. The sentence for certain criminal activities should be banishment to this island. Maybe give the criminals some seeds to grow food and tell them "Live or die, it's up to you. 'Bye-bye."
Lots of good places just off the Alaska coast.
June 22, 2024, 07:51 PM
HRK
quote:
Originally posted by PASig:
quote:
Originally posted by HRK:
Scuttlebutt from some in the Automotive data industry, perpetrators are believed to be in Eastern Europe, possible ransom demand is $100 million.
Of course they are, all these scumbags are Ukrainian or Russians most of the time. Whenever they catch these people putting skimmers on ATMs and gas pumps around here it seems they’re always from some Eastern European armpit country.
CDK Global outage caused by BlackSuit ransomware attack
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter.
The same sources, who provided information on condition of anonymity, told BleepingComputer that CDK is currently negotiating with the ransomware gang to receive a decryptor and not leak stolen data.
While BleepingComputer is the first to report that BlackSuit is behind the attack, the news that CDK is negotiating with threat actors was revealed by Bloomberg yesterday.
The negotiations come after the BlackSuit ransomware attack forced CDK to shut down its IT systems and data centers to prevent the attack's spread, including its car dealership platform. The company tried restoring services on Wednesday but suffered a second cybersecurity incident, causing it to shut down all IT systems again.
CDK is a software-as-a-service (SaaS) provider whose platform is used by car dealerships to run all aspects of its operation, including sales, financing, inventory, service, and back office functions.
As the platform is now shut down, car dealerships have had to switch to pen and paper to conduct their operations, with BleepingComputer told by car buyers that they could not purchase a car due to the outage or receive service for existing cars.
Two of the largest public car dealership companies, Penske Automotive Group and Sonic Automotive, disclosed yesterday that they, too, were impacted by the outages.
"Our Premier Truck Group business utilizes CDK's dealer management system which has been disrupted," Penske shared in an SEC filing.
"We immediately took precautionary containment steps to protect our systems and commenced an investigation of the incident, which efforts are ongoing. Premier Truck Group has implemented its business continuity response plans and continues to operate at all locations through manual or alternate processes developed to respond to such incidents."
"As a result, the Company experienced disruptions to its dealer management system ("DMS") hosted by CDK, which supports critical dealership operations including those supporting sales, inventory and accounting functions and its customer relationship management ("CRM") system," reported Sonic Automotive in an SEC filing.
"All of the Company's dealerships are open and operating utilizing workaround solutions to minimize the disruption caused by this CDK outage."
CDK also warns that threat actors are calling dealerships posing as CDK agents or affiliates to gain unauthorized systems access.
BleepingComputer contacted CDK to learn more about the ransomware attack but has not received a response yet.
The BlackSuit ransomware gang
BlackSuit launched in May 2023 and is believed to be a rebrand of the Royal ransomware operation.
Royal Ransomware, and thus BlackSuit, is believed to be the direct successor of the notorious Conti cybercrime syndicate, an organized cybercrime gang comprised of Russian and Eastern European threat actors.
In June 2023, the Royal Ransomware operation began testing a new encryptor called BlackSuit amid rumors that they planned to rebrand under a new name after they attacked the City of Dallas, Texas.
Since then, attacks under the Royal name have disappeared, with the threat actors now working under the BlackSuit name.
In November 2023, the FBI and CISA revealed in a joint advisory that Royal and BlackSuit share similar tactics and coding overlaps in their encryptors.
The advisory also linked the Royal ransomware gang to attacks on at least 350 organizations worldwide since September 2022 and more than $275 million in ransom demands.
June 23, 2024, 06:07 AM
sourdough44
Been on the news with hospitals and health care providers this Spring also. It seemed rather widespread.
June 23, 2024, 07:04 AM
Cassandra
quote:
Originally posted by V-Tail:
I have often thought that we should have a remote island, with no means of escape. The sentence for certain criminal activities should be banishment to this island. Maybe give the criminals some seeds to grow food and tell them "Live or die, it's up to you. 'Bye-bye."
Australia?
June 23, 2024, 07:20 AM
sourdough44
What’s old, can be new again. I think you are talking about a ‘penal colony’.