Attacks against CDK Global, which has resulted in widespread disruptions in North American car dealerships since Tuesday, have been linked to the BlackSuit ransomware operation, BleepingComputer reports.
CDK Global was also noted by sources close to the matter to have entered negotiations with the threat operation, which was previously associated by the FBI and Cybersecurity and Infrastructure Security Agency with the Royal ransomware gang due to similar techniques and encryptor code. Such claims have not yet been confirmed nor denied by CDK Global but the software-as-a-service provider warned about social engineering attacks being targeted at dealerships, as well as a second intrusion that caused the complete shutdown of its IT systems. Impact from the CDK Global breach has already been confirmed by Penske Automotive Group and Sonic Automotive, both of which have continued operations despite disruptions to their respective dealer management systems.