CDK Global describes the cyber attack that paralyzed its software platform as a “ransomware event.”

CDK Global is now making a recall The cyber attack that took down its software platform For its car dealership customers, a “ransom event” occurred.

In a note to customers on Saturday, CDK acknowledged for the first time that the hackers who created the distributor management system, or DMS, Unavailable to customers for several daysdemanding a ransom to restore its systems.

“Thank you for your patience as we recover from the June 19 cyber ransomware event,” CDK said in a note to customers on Saturday, according to a copy of the email obtained by CBS MoneyWatch.

CDK added in the memo that it has begun restoring its systems and expects the process of bringing key applications back online will take “several days, not weeks.”

Beware of phishing

In its memo, the company also warned car dealerships to be wary of phishing scams, or entities that pretend to be CDK but are actually bad actors trying to obtain private information like customer passwords.

A CDK spokesperson told CBS MoneyWatch that it is providing clients with “alternative ways of doing business” while its systems remain down.

The cybercriminals behind the CDK attack are linked to a group called BlackSuit. Bloomberg reported on Monday, citing Alan Liska of computer security firm Recorded Future. On June 21 storyThe media also said that the hackers were demanding tens of millions of dollars and that CDK planned to pay the ransom.

Liska did not immediately respond to a request for comment. CDK itself did not indicate which group was behind the attack on its system It disrupted car dealerships across the United States Since last week. Companies targeted in ransomware schemes are often reluctant to disclose information in the midst of negotiations with hackers over payment.

“When you see an attack like this, it almost always ends up being a ransomware attack,” Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, told The Associated Press. “We see it over and over again, unfortunately.” [particularly in] The last two years. “No industry, organization or software company is safe.”

“Do everything manually”

The hack has left some car dealers completely unable to do business, while others have reported using pen, paper, and even “sticky notes” to record transactions.

Tom Mawley, owner of Celebrity Motor Car Company, which operates five luxury car dealerships in New York and New Jersey, on Monday told CBS MoneyWatch that his employees “do everything by hand.”

“We’re trying to keep our customers happy and the biggest problem is the banking side of things, which is fully subsidized. We can’t finance deals,” he said.

Asbury Automotive Group, a Fortune 500 company that operates more than 150 new car dealerships across the U.S., said in a statement Monday. He said The attack “adversely impacted” its operations and hampered its ability to conduct business. Koons Automotive dealers in Maryland and Virginia, which do not rely on CDK software, were able to operate without interruption, the company said.

Ransomware attacks She is on the rise. In 2023, more than 2,200 entities, including hospitals, schools and U.S. governments were directly affected by ransomware, according to Emisoft, an anti-malware software company. In addition, thousands of private sector companies were targeted. Some experts believe the only way to stop such attacks is to ban ransom payments, which Emisoft said would lead bad actors to “quickly pivot and move from high-impact, encryption-based attacks to other, less disruptive forms of cybercrime.”

Earlier this year, the US State Department announced She offered $10 million in exchange for the identities One of the leaders of the Hive Ransomware gang, which since 2021 has been responsible for attacks on more than 1,500 organizations in more than 80 countries, resulting in the theft of more than $100 million.