Date: 2024-06-26

A ransomware attack against CDK Global still has car buyers and dealerships reeling as an outage impacting back-end services continues. The latest estimate for CDK's retail software and services returning to normal is days, according to the company. On Tuesday, reports emerged that a multimillion-dollar ransomware payment is in the works.

The automotive software-as-a-service (SaaS) company was hit with a cyberattack last week that led to a company-wide systems shutdown and widespread operational disruption at many of CDK’s 15,000 auto dealership customers.

An email reportedly sent out Tuesday to CDK customers and circulated on social media states that the company does not believe service can be returned to all affected car dealers by June 30th.

“Should you need to make alternate plans for your month-end financial close process, you should do so,” the email states, as customers struggle to run their businesses without access to crucial software services.

CNN reported Tuesday on the significant impact of the CDK outage on both dealers and vehicle owners, with dealers taking major financial hits due to closures and delays, and purchasers left unable to register their vehicles. The article quotes sources that a full recovery of services could take "weeks to months".

One customer, AutoNation, said in a filing with the Securities and Exchange Commission (SEC) Monday that it has managed to keep its doors open “albeit with lower productivity” using manual and alternate processes to continue operations.

Another client, Group 1 Automotive, similarly reported in a public statement that it is using alternative processes to keep its more than 200 auto dealerships running, adding that CDK advised the company that restoration would come within “several days and not weeks.”

These updates come after reports that CDK suffered a second cyberattack while attempting to restore its systems last week and warned customers to protect themselves against potential follow-up social engineering attacks.

Additionally, BleepingComputer reported Saturday that ransomware group BlackSuit was allegedly behind the attack. BlackSuit is suspected to be a rebranded version of the Royal ransomware gang, according to BleepingComputer.

On Thursday, Bloomberg reported that CDK planned to pay a ransom demand of “tens of millions of dollars,” citing an anonymous source familiar with the matter.

SC Media reached out to a CDK representative Tuesday with questions about the ransom demand and recovery timeline, and did not receive a response.