// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / CDK Global
Breach Record

CDK Global

DISCLOSED 2024-06-20 · RANSOMWARE · RANSOMWARE

CDK Global, a provider of automotive dealership software, suffered a second ransomware attack while recovering from an initial breach. The attack is attributed to the BlackSuit ransomware group. The incident disrupted operations for thousands of car dealerships across North America.

The record

What we know

Disclosed
2024-06-20
Attack vector
Ransomware
Sector
automotive software
Country
US
Domain
cdkglobal.com
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that only allows known-good executables and rejects unauthorized changes would likely have blocked the ransomware deployment, as it would prevent the execution of the malicious payload and unauthorized encryption of files.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other ransomware breaches on file

This page is the permanent ColdRecon entry for the CDK Global disclosure. It updates if new public reporting emerges. All tracked breaches →

CDK Global just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →