BlackSuit cybercrime gang blamed in car dealers’ hack

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK. — Bloomberg

NEW YORK: A hacking group called BlackSuit is behind the cyberattack on CDK Global that’s paralysed car sales across the United States, according to Allan Liska, a threat analyst at the security firm Recorded Future Inc.

The cybercrime group has demanded an extortion fee in the 10s of millions of dollars from CDK, which plans to make the payment, Bloomberg News reported.

CDK’s name was not listed on Monday on the website where BlackSuit names its extortion victims, a possible indication that the company is still in negotiations with the group or has paid a ransom, said Liska, who specialises in ransomware investigations and has been in discussions with those involved in the CDK case.

CDK declined to comment about the identity of the attackers on Monday.

The company expects to restore services within the coming days and is working with law enforcement, company spokesperson Lisa Finney said.

The US Department of Health and Human Services recently declared in an alert that BlackSuit should be “closely watched” as a threat, in part because of the gang’s ties with other extortion groups.

It uses malware and attack techniques that are remarkably similar to the defunct Russian-speaking Conti gang, suggesting to cyber researchers that BlackSuit is partly made up of experienced Russian hackers.

The group functions as a ransomware-service gang, in which members lease their technical tools to affiliates and demand a cut of any extortion payments.

BlackSuit has potential ties with another group known as Royal Ransomware, according to Jon Clay, a threat intelligence researcher at the cybersecurity firm TrendMicro.

BlackSuit’s malicious software shares code with Royal Ransomware tools, according to the US Cybersecurity and Infrastructure Security Agency (CISA).

The extent to which the groups are made of the same people remains unclear.

Royal Ransomware targeted at least 350 victims and demanded more than US$275mil in ransom fees in 2022 and 2023, according to the FBI and CISA, a unit of the Department of Homeland Security. — Bloomberg

×
Follow us on our official WhatsApp channel for breaking news alerts and key updates!

CyberAttack , Ransomware , BlackSuit , CDKGlobal , CyberSecurity , DataBreach , TechCrime , ThreatIntelligence

   

Report it to us.

Next In Business News
A house inspection outweighs its cost
Tenants and landlords have mutual responsibilities
Ringgit set for further appreciation amid cautious outlook on US economic data
Malaysia and Indonesia renew local currency bilateral swap agreement
Oil falls on the week on firmer supply outlook
Wong is CMI regional board member for Malaysia
Linking up golfers
Capital A, AAX overhaul is looking up
Long-term opportunity?
OB Holdings eyes RM28.8mil from ACE Market IPO

Trending in Business

Others Also Read

Load more

Copyright © 1995- Star Media Group Berhad [197101000523 (10894-D)]

Best viewed on Chrome browsers.