BlackSuit Gang Blamed in Cyberattack on Car Dealers


A hacking group called BlackSuit is behind the cyberattack on CDK Global that has paralyzed car sales across the U.S., according to Allan Liska, a threat analyst at the security firm Recorded Future Inc.

The cybercrime group has demanded an extortion fee in the tens of millions of dollars from CDK, which plans to make the payment, Bloomberg News reported on June 21. CDK’s name was not listed June 24 on the website where BlackSuit names its extortion victims, a possible indication that the company is still in negotiations with the group or that it has paid a ransom, said Liska, who specializes in ransomware investigations and has been in discussions with those involved in the CDK case.

A CDK spokesperson declined to comment about the identity of the attackers June 24. The company expects to restore services within coming days and is working with law enforcement, according to Lisa Finney, a CDK spokesperson.

BlackSuit appears to be a group of Russian and Eastern European hackers with a history of working with a group known as Royal Ransomware, according to Jon Clay, a threat intelligence researcher at the cybersecurity firm TrendMicro. It functions as a ransomware-as-a-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.

BlackSuit’s malicious software shares code with Royal Ransomware tools, according to the U.S. Cybersecurity and Infrastructure Security Agency. The extent to which the groups are made of the same people remains unclear.

Royal Ransomware targeted at least 350 victims and demanded more than $275 million in ransom fees in 2022 and 2023, according to the FBI and CISA, a unit of the Department of Homeland Security.

The BlackSuit group specializes in hacking Linux and Windows systems, according to the cyber firm Tripwire Inc. The desktop wallpaper on breached computers directs the victim to a ransom note encouraging them to contact the group via a site on the dark web.

The same gang previously published hundreds of files stolen from the police department in Kansas City, Kan. Nearly 200 plasma donation centers worldwide also shut down as a result of BlackSuit’s activity in April. The group has claimed credit for attacks on a Georgia school system and for stealing more than 200 gigabytes of data from an Indiana university.

Cybersecurity news site Bleeping Computer previously reported on BlackSuit’s involvement in the CDK hack, citing unnamed sources.
