- Scale Hit: 15,000+ dealerships across US and Canada offline, sales, financing, service apps down for weeks.
- Financial Sting: $1.2 billion lost revenue; CDK paid $25 million ransom to BlackSuit gang after two strikes.
- Manual Mode: Dealers reverted to paper for inventory, parts, payments, 7.2% sales drop in June 2024.
- Recovery: Full restore July 4; now stronger with endpoint security, but supplier risks linger.
A massive ransomware attack on CDK Global back in June 2024 threw thousands of US car dealerships into disarray, shutting down digital operations for nearly two weeks and costing the auto industry over a billion dollars. The software provider, which handles everything from sales to scheduling for 15,000 locations, fell victim to the BlackSuit gang, who hit twice in quick succession. Dealers scrambled with pen and paper, delaying buys and repairs while the hackers demanded, and got, a hefty payout to unlock systems. This wasn’t just a blip; it exposed how one vulnerable supplier can grind an entire sector to a stop.
The Attack’s Ripple Effect
It started June 18 when BlackSuit slipped into CDK’s network, encrypting files and knocking out key apps for sales, inventory, and customer management. Dealerships from Ford to Toyota couldn’t process deals or pull parts lists, forcing cash-only manual work that slowed everything to a crawl. A second strike hit during recovery, dragging the outage to July 4. Brands like BMW and Nissan saw sales dip 7.2%, with J.D. Power pegging losses at $944 million in the first two weeks alone, totaling $1.2 billion industry-wide.
Customers faced waits for test drives or fixes, while staff juggled paper orders, phishing scams even popped up posing as CDK help. CDK shelled out $25 million in Bitcoin to get files back, plus millions more for recovery. They beefed up with better endpoint protection post-hack, but the episode showed how a single software gap can paralyze suppliers and end-users alike.
On Reddit, dealers shared war stories of hand-written invoices and lost deals, calling it a “nightmare for the books.” This supply chain wake-up pushes for tighter vendor checks, patch quick, segment networks, and test backups to avoid the next big stall.
The outage’s shadow lingers, but stronger defenses can keep the wheels turning next time.
CNN on CDK Chaos | Bloomberg Ransom Details | November 17, 2025
[1](https://www.psmpartners.com/blog/cdk-cyber-attack-on-auto-dealerships/)
[2](https://www.breachlock.com/resources/advisories/ransomware-attack-on-cdk-global-cripples-us-automotive-dealerships/)
[3](https://www.techtarget.com/whatis/feature/The-CDK-Global-outage-Explaining-how-it-happened)
[4](https://www.ispartnersllc.com/blog/car-dealership-cyberattack/)
[5](https://whatismyipaddress.com/ransomware-attack)
[6](https://www.centraleyes.com/explainer-the-cdk-global-ransomware-attack/)
[7](https://edition.cnn.com/2024/07/11/business/cdk-hack-ransom-tweny-five-million-dollars)
[8](https://www.gecreditunion.org/learn/education/resources/money-minutes/july-2024/ransom-event-impacting-15-000-auto-dealerships-resolved)
[9](https://www.cdkglobal.com/insights/state-cybersecurity-auto-dealerships-2024)
![Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]](https://sumtrix.com/wp-content/uploads/2025/06/30-12-120x86.jpg "Online Scam Cases Continue to Rise Despite Crackdowns on Foreign Fraud Networks [Myanmar]")
