BlackSuit cybercrime gang blamed in car dealers’ hack

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK. — Bloomberg

NEW YORK: A hacking group called BlackSuit is behind the cyberattack on CDK Global that’s paralysed car sales across the United States, according to Allan Liska, a threat analyst at the security firm Recorded Future Inc.

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK, which plans to make the payment, Bloomberg News reported.

CDK’s name was not listed on Monday on the website where BlackSuit names its extortion victims, a possible indication that the company is still in negotiations with the group or has paid a ransom, said Liska, who specialises in ransomware investigations and has been in discussions with those involved in the CDK case.

CDK declined to comment about the identity of the attackers on Monday.

The company expects to restore services within the coming days and is working with law enforcement, company spokesperson Lisa Finney said.

The US Department of Health and Human Services recently declared in an alert that BlackSuit should be “closely watched” as a threat, in part because of the gang’s ties with other extortion groups.

It uses malware and attack techniques that are remarkably similar to the defunct Russian-speaking Conti gang, suggesting to cyber researchers that BlackSuit is partly made up of experienced Russian hackers.

The group functions as a ransomware-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.

BlackSuit has potential ties with another group known as Royal Ransomware, according to Jon Clay, a threat intelligence researcher at the cybersecurity firm TrendMicro.

BlackSuit’s malicious software shares code with Royal Ransomware tools, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The extent to which the groups are made of the same people remains unclear.

Royal Ransomware targeted at least 350 victims and demanded more than US$275mil in ransom fees in 2022 and 2023, according to the FBI and CISA, a unit of the Department of Homeland Security. — Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Business News

Asian stocks waver after tech earnings, yen at seven-week high
Deutsche Bank's profit streak ends with big lawsuit provision
Gross fixed capital formation recorded at RM314.8bil in 2023 - DoSM
SC urges consistent high-quality audits for public interest entities
Selling restarts on Bursa, FBM KLCI drops 7pts
GHL Systems' shares to be suspended on July 31
Malaysia's inflation remains 2% in June
Sime Darby, Porsche expand local assembly facility
Maybank says systems remain secure amid claims of database for sale on dark web forum
Sunway Property records RM1.1bil in nationwide bookings

Others Also Read