Ransomware Attack Affects Parts & Service Network for 15,000 Auto Dealerships

Normally I couldn't care less about salespeople, but it's end of month and that commission don't earn itself 🤨

I'm sympathetic to those trying to earn a living
They still paying you something @AutoMechanic ?


They pay me either way because I’m hourly. For the flat rate guys they are averaging what they typically make in 8 hours and paying them that.
 
Some are up, some aren't. There are parts people reporting they are getting calls stating they are from CDK asking for login information, but they are actually whoever did the ransomware attack.
I think someone at CDK either got phished or fell victim to ransomware like Akira. Dealing with it ain’t fun.
 
It’s a shame (crime) that something like this has to happen for a company the size of CDK to harden its system.

IT guys, is this inevitable or can it be prevented by being proactive?
They shoulda watched the Ashley Madison documentary! ;)
 
It’s a shame (crime) that something like this has to happen for a company the size of CDK to harden its system.

IT guys, is this inevitable or can it be prevented by being proactive?

Inevitable for the most part, but the amount of damage caused can be mitigated a lot by a proactive IT department and well-informed users. But when you have a big system with many, many users and many external-facing systems, it's so hard to plug up all the holes. My experiences are with SMBs though; I've never had to administer large systems and data centers.

And then you have the ☁️ now becoming ever so more popular.
 
I work in healthcare and they regularly send phishing emails to see if you click on the link.

Some employees click on the most basic phishing email links.
Our old IT guy for the company signed us up for those emails. I clicked on one and then had to do training so now I report everything. Funny thing is our IT guy retired and they hired a company do handle our IT. To be honest I don't trust them because I have made multiple Star Wars jokes around them and get no response whatsoever. Anyway, they sent out a company wide email stating that multiple employees had been receiving phishing emails and they were looking into it. I found the old email from a few years ago telling us about the program and forwarded it to them. I was told they appreciated the communication, but they were looking into it further.
 
These attacks on American businesses should be treated no differently than armed robbery, or terrorist activity resulting in full blown reaction at the highest levels. Including military response.

Putting 15K businesses in peril, affecting hundreds of thousands of people, is basically an act of war.
The FBI should and does investigate cyber attacks. If this is found to be state sponsored (e.g. Russia/China/NK) to specifically hurt the US, that should be run through the proper channels. But a business that offers cloud services to other businesses should meet industry standards for cyber attack "hardness" and if not should be sued into absolute oblivion so a better company can take its place and offer reliable services.

This isn't too much different from an airline reservation system going haywire, Target losing millions of credit cards, or the US OPM losing millions of security clearance SF-86 forms with people's complete identities within. There are information technology best practices that are often not implemented by companies thinking IT is an expense to be minimized and corner-cut.

There's probably a legal solution to this, if a company wants to do business with the US government or credit card clearing banks they need to carry a trillion dollar insurance policy, and the insurance company will require X, Y, and Z from the IT department.
 
It’s a shame (crime) that something like this has to happen for a company the size of CDK to harden its system.

IT guys, is this inevitable or can it be prevented by being proactive?
Remember, you cannot protect against a new threat until you know what it is. Security is always reactive.
And then again you always have employees that think that they can turn off the protection...
 
This type of setup with huge numbers of users of varying degrees of sophistication would appear to be quite vulnerable and not that hard to successfully target.
Out of a thousand phishing emails you'd only need one in which a user clicks on a link.
Phishing emails are common. I see them regularly at work.
Not all users will spot them and avoid clicking on any link even though we all have mandatory IT security training.
 
Looks like CDK is negotiating with the dirtbag criminals to pay the ransom, which is the absolute worst thing they could do. This kind of crime will only get worse and more prevalent if the victims keep paying.

https://www.bleepingcomputer.com/ne...outage-caused-by-blacksuit-ransomware-attack/
CDK had no choice. It was the only thing they could do to survive this. Be thankful on one hand because the info they stole isn't (hopefully) going to be dumped on the dark web. Now the question is will CDK survive the aftermath. They will get sued up the wazoo and dealerships that use them will bail which serves them right because they are a terrible company.
 
What people don't realize is how absolutely difficult this makes things for everyone. All of the parts inventory information, quantities on shelves, pricing, etc are all in these systems. Every vehicle that has been sold and serviced at these dealers, along with any customer and employee information has been compromised.
And the company you use will take little responsibility for damage and scramble to do what they knew they had to do but were too lazy to do: hire a professional cybersecurity consultant.
 
On the front end, it would appear that CDK has few options.
On the back end, money doesn't move untraceably, not even crypto.
A good portion of the ransom paid by Colonial Pipeline in Bitcoin was recovered through quick and exemplary investigative work by the FBI.
It may be that security breaches are inevitable and that the more promising approach would be to ensure that ransom payments are tracked and seized, with the perps being identified to international policing organizations and subject to arrest whenever they might venture out anywhere into the developed world.
Making a few million USD for a little hacking would be nice. Not being able to leave Russia or Bulgaria except to visit from one to the other forever might be somewhat less so.
 
Supposedly it is still down for an unknown time period.
