CDK Global BlackSuit ransomware (2024)
BlackSuit operators encrypted CDK Global's dealer-management platform, knocking ~15,000 North American car dealerships offline for nearly two weeks. A second attack hit on day two of recovery. Industry losses estimated at over $1 billion; CDK reportedly paid a $25 million ransom.
- Victim: CDK Global
- Loss: $1.00B
On 18 June 2024, the dealer-management software giant CDK Global was hit by BlackSuit ransomware, and as CDK's platform went offline, roughly 15,000 North American car dealerships lost the systems they use to track inventory, run sales, process financing, and manage service bays. The result was the largest automotive-retail outage in U.S. history.
What happened
CDK runs the dealer-management system that mid-size and large North American dealers depend on for nearly every digital workflow. When BlackSuit's encryption fired, dealers reverted to paper and pen: handwritten contracts, manual inventory counts, calls between dealers to coordinate financing.
A second attack hit on 19 June, just as CDK began bringing systems up, an unusually aggressive double-tap by BlackSuit that extended the outage. CDK started restoration with smaller dealer groups on 22 June and projected full recovery by 4 July.
The attackers escalated their demand from $10 million to over $50 million. Multiple sources told CNN in mid-July that CDK ultimately paid approximately $25 million in ransom.
BlackSuit is a successor branch of the Royal ransomware operation, itself a re-skin of the older Conti crew, a lineage that has run continuously since the early 2020s under a series of brand names.
Impact
- ~15,000 North American dealerships offline for up to two weeks.
- Estimated collective dealer losses: over $1 billion (Anderson Economic Group).
- Reported $25 million ransom paid by CDK.
- One of the clearest cases yet of how SaaS concentration risk plays out in a single retail vertical.
Why it matters
When a dealer-management platform with this much market share goes offline, the entire vertical goes offline with it. CDK Global is the post-Change-Healthcare reference case for vertical SaaS concentration risk, and a reminder that the cybersecurity posture of a single software vendor can determine whether thousands of independent retailers can transact at all.
Financial impact
Reported costs in USD
- Ransom paid: $25.0M
- Business loss: $1.00B
Timeline
BlackSuit ransomware operators detonate against CDK Global's dealer-management platform. Approximately 15,000 North American car dealerships lose access to inventory, sales, financing, and service-bay systems.
A second wave attack hits CDK just as recovery begins.
CDK begins systematic restoration starting with smaller dealership groups.
Initial dealerships back online; full restoration targeted for 4 July.
Multiple sources tell CNN that CDK paid approximately $25 million ransom (negotiated down from a $50 million demand).
Anderson Economic Group estimates collective dealer losses exceeded $1 billion.
Sources
- edition.cnn.com: https://edition.cnn.com/2024/07/11/business/cdk-hack-ransom-tweny-five-million-dollars
- blackfog.com: https://www.blackfog.com/cdk-global-ransomware-attack/
- bleepingcomputer.com: https://www.bleepingcomputer.com/news/security/cdk-cyberattack-takes-down-car-dealerships-software/
- techtarget.com: https://www.techtarget.com/whatis/feature/The-CDK-Global-outage-Explaining-how-it-happened