CDK reportedly paid $25 million to end US car dealership cyberattack: 3 things you should know

A notorious extortion group caused headaches for car sales and car service across the nation. Here's what happened.
Written by Artie Beaty, Contributing Writer

A massive cyberattack caused chaos for US car dealerships, and both dealers and customers felt the effects.

According to BleepingComputer, a notorious extortion organization called the BlackSuit ransomware gang carried out a cyberattack on CDK Global on June 19. BlackSuit has conducted a number of high-profile attacks in the past several years, mostly against health care companies. As of July 3, CDK said that "substantially all" dealers are back online. The impacts could, however, be felt for weeks or even months to come. 

CDK Global's software is the lifeblood of the car dealership industry. Dealerships use it for tracking what's on their lots, running credit checks, generating loan rates, completing sales contracts, processing payroll, and more. At least 15,000 dealerships, or more than half of all auto dealerships in the US, use CDK.

This attack forced dealerships to, at best, handle these tasks by hand and, at worst, not handle them at all. June isn't just a busy month for car sales; the Juneteenth holiday, the day of the attack, is a particularly busy day because many people are off work.

The impact was immediate, and an analyst told CNN that losses could be between $4 billion and $16 billion. For CDK, the losses were at least $25 million - the ransom the company reportedly paid. CDK has told affected dealerships, however, that it plans to give them "some financial relief," so the company's financial losses are rising.

How dealership customers are impacted

For dealership customers, this attack and subsequent disruption of business means several things.

1. If you're planning to buy a car, expect it to take longer. 

The attack affected nearly every part of the process, but in-house financing was one of the most delayed. Even though service has been restored, there's now likely a tremendous backlog of finance applications to sort out. If you have financing from an outside bank, or you're paying cash, you won't see as much of an issue.

2. If you buy a car, be ready to visit your local DMV. 

CDK software enables dealers to automatically register vehicles with the local government so they can file the appropriate paperwork and ready a license plate. With that software out of the picture, dealers, or even the customer, needed to make a trip to wait in even-longer-than-usual DMV lines. Dealers should be able to file this paperwork with CDK now, but don't be surprised if they have more to get through. It may be faster to just do this yourself.

3. Expect delays if you need service.

Dealerships use CDK software to schedule service appointments, keep track of parts inventory, and see service history. Service departments functioned without the software, but everything was written down on paper. Now that CDK software is back online, dealers will need to enter all of that paperwork. Multiply all the appointments, all the weeks, and all the dealerships affected, and it could be a pretty messy situation for service departments.

BlackSuit has made more than $275 million in ransom demands since September 2022, per BleepingComputer. CDK hasn't confirmed that it paid the ransom, but on June 21, about 387 bitcoin, or roughly $25,000,000, was sent to a cryptocurrency account associated with BlackSuit, crypto-tracking firm TRM Labs told CNN.

The payment came from an account associated with a firm that helps victims respond to ransom attacks. With CDK coming back online a week later, it's not a huge leap to assume the funds came from CDK. 
