CDK Global: Outage Expected To Last Several More Days

The maker of software used by thousands of car dealerships says June 30 is likely to be the soonest it will be able to recover from last week’s cyberattacks.

CDK Global said Tuesday that it expects to need at least through the weekend to recover in the wake of a pair of cyberattacks, with June 30 targeted as the earliest date for ending the outage that has disrupted thousands of car dealerships.

Austin, Texas-based CDK, a provider of software used by 15,000 dealerships, shut down most of its systems after the cyberattacks struck on June 18 and 19. CDK provides SaaS-based CRM, payroll, finance and other key functions for dealerships.

[Related: Fallout From Snowflake Attacks Continues As Neiman Marcus Confirms Data Breach]

In a recorded message for customers Tuesday, CDK said that it wants “to be as transparent as possible with you.”

“We do feel it's important to share that we do not believe that we will be able to get all dealers live prior to June 30,” the company said in the message. “Should you need to make alternate plans for your month-end financial close process, you should do so.”

CDK had said Monday that it has begun to restore its systems following the back-to-back attacks.

The disclosure followed media reports indicating that the company was planning to make a ransom payment, purportedly worth tens of millions of dollars, with the goal of recovering its systems more quickly. CDK declined to comment Monday on the reports.

In the recorded message Tuesday, CDK said that it is “continuing the restoration process of our core applications and [is] making significant progress.”

CRN has reached out to CDK for further comment.

Late Friday, Bloomberg reported that a cybercriminal group was demanding tens of millions of dollars, and that CDK intended to pay the ransom. BleepingComputer reported Saturday that the BlackSuit ransomware group, believed to be the new name for the group known as Royal Ransomware, was behind the CDK incident.

While CDK was working to recover from the first attack last week, the company was struck by a second attack late on Wednesday evening, according to CDK.

“Late in the evening of June 19, we experienced an additional cyber incident and proactively shut down most of our systems,” CDK said in a statement provided to CRN last week.

The system shutdown resulted in an outage that has severely affected thousands of car dealerships. “CDK basically runs our entire store,” a staff member at a car dealership in New Castle, Pa., said in an email to CRN Friday.