The hackers who struck car dealership software-as-a-service (SaaS) platform CDK Global on June 18 and 19 are reportedly affiliated with a Russia-based group called BlackSuit.
This cybercriminal group has been tied to 96 extortion efforts since May 2023 and has likely committed dozens more, Bloomberg reported Friday (June 28).
BlackSuit includes members who were formerly affiliated with cyber gangs called Conti and Royal, according to the report.
Little is known about BlackSuit and its members, but security experts have described the group as low-key and business-like, the report said.
The group specializes in “double extortion” attacks that include two elements: locking victims’ systems with ransomware and stealing data that it then threatens to sell or leak, per the report.
It uses phishing and social engineering to get the information it needs to break into a computer network, according to the report.
Its ransom demands typically range from $300,000 to $5 million, and it has been known to negotiate terms with its victims, per the report.
CDK Global suffered a cyberattack on June 18, followed by another on June 19, just as it was starting to restore systems shut down in the previous attack.
The company’s dealer management platform is used by thousands of car dealerships across the United States and by automakers that leverage its software solutions to handle things like customer relationship management, financing, payroll, support and service, inventory and back-office operations.
The cyberattack left many businesses either effectively shuttered and unable to return to normal business or forced to turn to paper-based processes and other workarounds for record-keeping and other administrative tasks.
It was reported June 21 that CDK Global had begun to restore its systems, and that it expected the process to take “several days.”
On Tuesday (June 25), the company told its car dealership customers that its systems would continue to be down for at least the rest of the month.
Eighty-two percent of eCommerce merchants endured cyber or data breaches in the last year, and 47% said the breaches resulted in both lost revenue and lost customers, according to “Fraud Management in Online Transactions,” a PYMNTS Intelligence and Nuvei collaboration.