Since you're the only response @smcin (thanks for the update)
Further 6/25/2024 Update: Ransomware being demanded by group called Blacksuit (sounds like a wealth management company). Apparently believed to be a rebrand of the Royal ransomware operation, which is believed to be the direct successor of the notorious Conti cybercrime syndicate. https://www.bleepingcomputer.com/news/security/cdk-global-ou...
> In June 2023, the Royal Ransomware operation began testing a new encryptor called BlackSuit amid rumors that they planned to rebrand under a new name after they attacked the City of Dallas, Texas. Since then, attacks under the Royal name have disappeared, with the threat actors now working under the BlackSuit name.
> In November 2023, the FBI and CISA revealed in a joint advisory that Royal and BlackSuit share similar tactics and coding overlaps in their encryptors.
Many major automotive dealership and supply companies have filed SEC Form 8-Ks notifying shareholders of a "significant disruption to activities." These include: Group 1 Automotive, Sonic Automotive, Penske Automotive Group, Lithia Motors, and Asbury Automotive Group. https://www.theregister.com/2024/06/24/the_number_of_cdk_cus...
> According to Group 1 Automotive's filing, CDK told customers that recovery will be a matter of days rather than weeks
Other sites are skeptical of the link, because "as of Monday, CDK Global is not yet listed on the BlackSuit gang's dark web site, where the group would publicly list its victims to shame them into paying a hefty ransom" and CDK still will not respond. https://www.axios.com/2024/06/24/blacksuit-ransomware-cdk-gl...
People can buy cars (sometimes), yet often cannot register the car even after purchase or sign the title. https://www.cnn.com/2024/06/25/business/car-dealership-cdk-c...
> customers started being told that (the RMV) wasn’t taking any walk-ins,” he said. “They were probably getting flooded with customers and started turning people away.” Deveney said one customer got increasingly agitated because he couldn’t register his car. “Getting an appointment might take three or four days, and in that time they aren’t really able to drive their cars,” he added. ... “Today… I sent 21 registrations to be done manually at the Massachusetts RMV,” she said, adding that the RMV won’t accept transactions from dealership employees.
> Don Aycock told CNN he drove 90 miles round-trip from his home to a car dealership in Clay County, Florida, to buy a new Buick on Thursday, a day after the CDK shutdown. He told CNN he was able to buy the car but was unable to sign the title.
Class Action lawsuits are already starting. https://qz.com/cdk-global-sued-personal-data-cyberattack-185...
> Yuriy Loginov filed a potential class-action suit in the U.S. District Court in the Northern District of Illinois on Saturday, claiming CDK failed “to implement reasonable and industry standard data security practices to properly secure, safeguard, and adequately destroy Plaintiff’s and Class Members’ sensitive personal identifiable information.”
The amount of personal information stolen is enormous, and possibly one of the largest thefts ever. Digital Deal Jackets includes an eLibrary with 8,500 different document types with at least: Customer ID (driver's license, etc.), Disclosure of Known Defects (VIN, title, origin, registration cards, carfax reports, vehicle photos, shipping docs), Buyer's Guide, Payment Instrument (loan agreement, credit application, payment terms, Proof of insurance coverage, trade-in vehicle, bill of sale, current loan account balance, ePayments and wallets), OFAC (Specially Designated Nationals and Blocked Persons list) Search https://www.autoremarketing.com/subprime/cdk-global-release-...
Not CDK, yet Deal Jacket example from another vendor: https://autodealerpro.com/wp-content/uploads/2013/12/digital...
This may also lateral into a huge host of "lenders" https://www.cdkglobal.com/lenders
Reddit has a decent amount of discussion, and most doesn't look great. Specifically industries other than cars, lack of ability to quickly switch, chain of products that need to be disabled, dealers are likely "insurance perspective responsible" (it means that the dealership - NOT CDK - will need to provide breach notification) [1r][2r][3r]
> "I have worked at two tractor dealerships and am currently at a heavy equipment/construction dealership and all use cdk." [...] "Heavy equipment is affected as well. It's not a fun time, especially with 20+ equipment and attachment manufacturers under one roof." [...] "Not just car dealerships but affecting hundreds of big rig truck dealerships that use cdk." [...] "I work in a farm equipment dealership, we just installed CDK in April. We decided on CDK in August 2023...April 15th was the earliest they could set us up. You're looking at months to move to a new system, at minimum." (from a different article: "CDK works closely with the leading agriculture equipment distributors including AGCO, Bobcat, Ditch Witch, John Deere, Kubota and CNH.") [...] "I work an international dealership and we’re struggle bussing."
> Even if your dealership lawyers tore apart contracts for breach of service and FTC vendor violations you can't migrate away. No system to import into DT or R&R or whatever from, you'd have to start entirely from scratch and do a full inventory start to bottom which (between fighting to get out of contract, signing new DMS contract, onboarding, learning new DMS, and doing full PI) is likely as long or longer than sticking with CDK.
> CDK Drive Updates rely on software called CDK SIA and another piece of software called Adaptiva which is installed on every computer that uses CDK Drive. If SIA or Adaptiva gets breached or has gotten breached they could remotely install malware on every computer that has CDK on it.
> (From insurance industry commentator) CDK is likely the data holder, but the dealership is probably the data owner. If any information of the client's dealership was acquired, it means that the dealership - NOT CDK - will need to provide breach notification, credit monitoring etc. [...] The dealerships need to work with their insurance guy to determine if this incident qualifies as a reportable, "circumstance." Failure to report a circumstance before renewal could later lead to a declination of coverage for this event. There are a few cyber insurers I know of that concentrate in this space. Large dollars on the line could easily lead to these insurers denying coverage later on to save their bottom line.
[1r] https://www.reddit.com/r/partscounter/comments/1dmbmy7/the_c...
[2r] https://www.reddit.com/r/serviceadvisors/comments/1djisf5/cd...
[3r] https://www.reddit.com/r/msp/comments/1djqnj3/any_of_your_ca...