BlackSuit cybercrime gang blamed in car dealers’ hack


The cybercrime group has demanded an extortion fee in the tens of millions of dollars from CDK. — Bloomberg

NEW YORK: A hacking group called BlackSuit is behind the cyberattack on CDK Global that’s paralysed car sales across the United States, according to Allan Liska, a threat analyst at the security firm Recorded Future Inc.

The cybercrime group has demanded an extortion fee in the tens of millions of dollars from CDK, which plans to make the payment, Bloomberg News reported.

CDK’s name was not listed on Monday on the website where BlackSuit names its extortion victims, a possible indication that the company is still in negotiations with the group or has paid a ransom, said Liska, who specialises in ransomware investigations and has been in discussions with those involved in the CDK case.

CDK declined to comment about the identity of the attackers on Monday.

The company expects to restore services within the coming days and is working with law enforcement, company spokesperson Lisa Finney said.

The US Department of Health and Human Services recently declared in an alert that BlackSuit should be “closely watched” as a threat, in part because of the gang’s ties with other extortion groups.

It uses malware and attack techniques that are remarkably similar to those of the defunct Russian-speaking Conti gang, suggesting to cyber researchers that BlackSuit is partly made up of experienced Russian hackers.

The group functions as a ransomware-as-a-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.

BlackSuit has potential ties with another group known as Royal Ransomware, according to Jon Clay, a threat intelligence researcher at the cybersecurity firm Trend Micro.

BlackSuit’s malicious software shares code with Royal Ransomware tools, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The extent to which the groups are made up of the same people remains unclear.

Royal Ransomware targeted at least 350 victims and demanded more than US$275mil in ransom fees in 2022 and 2023, according to the FBI and CISA, a unit of the Department of Homeland Security. — Bloomberg
