Skip to content
Longterm Wiki
Back

BlackSuit ransomware group attacked CDK Global

web
blackfog.com·blackfog.com/cdk-global-ransomware-attack/

This article from cybersecurity vendor BlackFog covers a 2024 ransomware incident relevant to critical infrastructure protection and supply-chain risk; it is tangential to core AI safety but illustrates real-world cyber threats to dependent systems.

Metadata

Importance: 22/100news articlenews

Summary

In June 2024, the BlackSuit ransomware group attacked CDK Global, a software provider serving over 15,000 North American auto dealerships, encrypting critical systems and demanding over $50 million in ransom. The attack disrupted dealer management systems, sales, financing, and inventory tracking across major dealership chains for days. The incident illustrates cascading supply-chain risks when a critical third-party SaaS provider is compromised.

Key Points

  • BlackSuit ransomware group, linked to Royal and Conti groups, attacked CDK Global on June 18, 2024, forcing dealer management systems offline.
  • A second attack shortly after escalated ransom demands from $10 million to over $50 million.
  • Over 15,000 dealership locations including Lithia Motors, Penske Automotive, and Sonic Automotive were disrupted.
  • Dealerships lost access to customer data, inventory tracking, and transaction processing, causing significant revenue and trust losses.
  • The incident is a case study in third-party/supply-chain cyber risk and the real-world operational impact of ransomware on critical business infrastructure.

Cited by 1 page

PageTypeQuality
Cyberweapons RiskRisk91.0

Cached Content Preview

HTTP 200Fetched Mar 20, 202618 KB
[Skip to content](https://www.blackfog.com/cdk-global-ransomware-attack/#content)

[![BlackFog Logo](https://privacy.blackfog.com/wp-content/uploads/2025/03/BF-Primary-Logo-Inverse-e1742569299728.png)](https://www.blackfog.com/)

[Console Login](https://console.blackfog.com/)

# CDK Global Ransomware: What Happened and How It Impacted Businesses

![](https://privacy.blackfog.com/wp-content/uploads/2024/11/BF-Blog_CDK-Global-Ransomware_featured-image.png)

By [Rebecca Harpur](https://www.blackfog.com/author/rharpur/ "Posts by Rebecca Harpur")\|Last Updated: July 24th, 2025\|4 min read\|Categories: [Cybersecurity](https://www.blackfog.com/cybersecurity/), [Dark Web](https://www.blackfog.com/dark-web/), [Ransomware](https://www.blackfog.com/ransomware/)\|

**Contents**

## Introduction

In June 2024, North American auto dealerships faced a massive disruption when a [ransomware attack on CDK Global](https://www.techtarget.com/searchsecurity/news/366592898/Ransomware-hits-CDK-Global-public-sector-targets-in-June), a leading software provider for the automotive industry, crippled thousands of operations for days.

This article examines the CDK Global ransomware incident, its impact on automotive businesses, and cybersecurity best practices organizations can implement to protect themselves against similar [cyberthreats](https://www.blackfog.com/understanding-threat-actors-whos-behind-cyberattacks-and-how-to-stay-protected/).

## What is the CDK Global Ransomware Attack?

![CDK Global BlackSuit](https://privacy.blackfog.com/wp-content/uploads/2024/11/BF-Blog_CDK-Global-Ransomware_Mid-Banner.png)

CDK Global is a major technology provider offering software and IT solutions to over 15,000 dealership locations across North America.

On June 18, 2024, CDK Global experienced a cyberattack orchestrated by the [BlackSuit ransomware group](https://www.reuters.com/technology/cybersecurity/blacksuit-hacker-behind-cdk-global-attack-hitting-us-car-dealers-2024-06-27/), known for ties to the [Royal](https://www.blackfog.com/the-top-10-ransomware-groups-of-2023/) and [Conti](https://www.blackfog.com/the-top-5-ransomware-takedowns/) ransomware groups.

The CDK ransomware attack encrypted key files and systems, prompting CDK Global to take its dealer management systems offline to contain the damage.

Shortly after the first attack, a [second attack forced further shutdowns](https://www.cpomagazine.com/cyber-security/saas-provider-cdk-global-suffers-a-second-cyber-attack-disrupting-thousands-of-auto-dealers/), and the attackers escalated their ransom demand from $10 million to over $50 million.

## How Did the CDK Ransomware Attack Affect CDK Global and Its Clients?

The CDK ransomware [attack](https://www.blackfog.com/successful-cyberattack-vectors-common-threats-and-how-to-stop-them/) exemplifies just how deep the impacts of ransomware can be to businesses that rely on third-party providers. Extensive disruptions from [thousands of auto dealerships](https://retail-syst

... (truncated, 18 KB total)
Resource ID: 3e69f775edf838f4 | Stable ID: ZTcxMjIzOT