
Introduction
In June 2024, North American auto dealerships faced a massive disruption when a ransomware attack on CDK Global, a leading software provider for the automotive industry, crippled thousands of operations for days.
This article examines the CDK Global ransomware incident, its impact on automotive businesses, and cybersecurity best practices organizations can implement to protect themselves against similar cyberthreats.
What is the CDK Global Ransomware Attack?

CDK Global is a major technology provider offering software and IT solutions to over 15,000 dealership locations across North America.
On June 18, 2024, CDK Global experienced a cyberattack orchestrated by the BlackSuit ransomware group, known for ties to the Royal and Conti ransomware groups.
The CDK ransomware attack encrypted key files and systems, prompting CDK Global to take its dealer management systems offline to contain the damage.
Shortly after the first attack, a second attack forced further shutdowns, and the attackers escalated their ransom demand from $10 million to over $50 million.
How Did the CDK Ransomware Attack Affect CDK Global and Its Clients?
The CDK ransomware attack exemplifies just how deeply ransomware can affect businesses that rely on third-party providers. Thousands of auto dealerships, including major names such as Lithia Motors, Group 1 Automotive, Penske Automotive, and Sonic Automotive, reported extensive disruptions.
Dealerships lost access to the dealer management systems they rely on for customer data, inventory tracking, and transaction processing.
This delayed dealerships in getting necessary information about their business, which in turn affected service. Delays in tracking and ordering parts also contributed to inventory shortages and service bottlenecks, with huge implications for customer satisfaction.
The attack also continued to disrupt sales and financing processes. Without access to digital systems, dealerships would struggle to close sales and arrange financing, and would ultimately forgo revenue and lose customer trust.
Response and Recovery: What Did CDK Global Do?
After the CDK Global ransomware attack, the company took a structured, phased approach to stop the threat and recover operations. The first thing CDK Global did was isolate and shut down infected systems so that they couldn’t spread the ransomware any further.
On June 22, CDK Global began a systematic restoration process, starting with bringing smaller dealership groups back online.
Some dealerships had system access by June 28, and CDK said it planned to fully restore all systems by July 4. The phased approach allowed CDK to focus on the essentials while proceeding safely and stably at each step.
CDK Global hasn’t publicly confirmed that a ransom was paid to the BlackSuit ransomware attackers, but reports say a $25 million sum was paid, which might have helped expedite this process.
Conclusion and Key Takeaways
The CDK Global ransomware attack shows clearly how important effective ransomware prevention strategies are for protecting data and working through business disruptions.
The key things companies need to do include making sure data is backed up and that backups are frequently tested in isolation, implementing advanced endpoint security to detect and stop ransomware early, and providing comprehensive employee training about potential cyberthreats.
How Can BlackFog Help You Stay Protected?
Ransomware attacks are one of the worst things to happen to a business; prevention is always better than making the decision to pay or not to pay a ransom. Anti data exfiltration (ADX) technology from BlackFog stops the attack in real-time, preventing sensitive data from being exfiltrated in the first place, thus stopping the cybercriminals in their tracks.