BlackSuit cybercrime gang blamed in car dealers’ hack

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK. — Bloomberg

NEW YORK: A hacking group called BlackSuit is behind the cyberattack on CDK Global that’s paralysed car sales across the United States, according to Allan Liska, a threat analyst at the security firm Recorded Future Inc.

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK, which plans to make the payment, Bloomberg News reported.

CDK’s name was not listed on Monday on the website where BlackSuit names its extortion victims, a possible indication that the company is still in negotiations with the group or has paid a ransom, said Liska, who specialises in ransomware investigations and has been in discussions with those involved in the CDK case.

CDK declined to comment about the identity of the attackers on Monday.

The company expects to restore services within the coming days and is working with law enforcement, company spokesperson Lisa Finney said.

The US Department of Health and Human Services recently declared in an alert that BlackSuit should be “closely watched” as a threat, in part because of the gang’s ties with other extortion groups.

It uses malware and attack techniques that are remarkably similar to the defunct Russian-speaking Conti gang, suggesting to cyber researchers that BlackSuit is partly made up of experienced Russian hackers.

The group functions as a ransomware-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.

BlackSuit has potential ties with another group known as Royal Ransomware, according to Jon Clay, a threat intelligence researcher at the cybersecurity firm TrendMicro.

BlackSuit’s malicious software shares code with Royal Ransomware tools, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The extent to which the groups are made of the same people remains unclear.

Royal Ransomware targeted at least 350 victims and demanded more than US$275mil in ransom fees in 2022 and 2023, according to the FBI and CISA, a unit of the Department of Homeland Security. — Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!
CyberAttack , Ransomware , BlackSuit , CDKGlobal , CyberSecurity , DataBreach , TechCrime , ThreatIntelligence

Next In Business News
Kerjaya Prospek bags RM225mil contract for mixed development in Johor
Bank Islam CEO stays on till year-end to ensure smooth transition
FBM KLCI extends gains at midday amid broad market strength
Malaysia's IPI rises 6% in October, beating forecasts
JCorp gets 'gold' assessment for sustainable finance from MARC Solutions
Dollar staggers to third straight weekly drop as investors ponder Fed outlook �
Asian stocks rise after global gauge hits new peak
Disney to invest US$1bil in OpenAI, license characters for Sora video tool
CIMB sees 68% earnings surge for building materials in 2026
Vantris Energy rallies as turnaround results boost sentiment

Trending in Business

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.