Cyberattack on CDK Global: Hackers Demand Millions in Ransom
A significant cyberattack has disrupted car sales across the United States, with the hacking group BlackSuit identified as the culprits. Allan Liska, a threat analyst at Recorded Future Inc., revealed that the cybercriminals are demanding a multi-million dollar ransom from CDK Global, the company at the center of the attack. Reports indicate that CDK plans to meet the ransom demands.
CDK Global's involvement in negotiations with BlackSuit is suggested by the absence of the company’s name on the group's extortion site. This detail hints at ongoing discussions or a possible ransom payment. A spokesperson from CDK, Lisa Finney, refrained from commenting on the attackers' identities but assured that the affected services are expected to be restored soon. The company is currently cooperating with law enforcement agencies.
BlackSuit’s Background and Operations
BlackSuit is believed to be a group of hackers based mainly in Russia and Eastern Europe, with ties to the notorious Royal Ransomware group. According to Jon Clay, a threat intelligence researcher at Trend Micro, BlackSuit operates on a ransomware-as-a-service model, supplying tools to affiliates and collecting a share of the ransom proceeds. Its malware shares traits with Royal Ransomware's tools, though the degree of overlap between the two groups' members remains uncertain.
The U.S. Cybersecurity and Infrastructure Security Agency has highlighted the group's proficiency in targeting both Linux and Windows systems. The FBI and CISA have documented Royal Ransomware's history of targeting around 350 victims, demanding ransoms exceeding $275 million since 2022.
Previous Attacks and Impact
BlackSuit has made headlines before, most notably for leaking extensive files from the Kansas City Police Department and causing widespread shutdowns at nearly 200 plasma donation centers globally in April. Other notable incidents attributed to BlackSuit include attacks on a Georgia school system and the theft of over 200 gigabytes of data from Indiana University.
The cybersecurity news site Bleeping Computer had earlier reported BlackSuit's involvement in the attack on CDK Global, citing unnamed sources. The full implications of the attack are yet to unfold as CDK Global works to restore its operations.