CDK Global cyber incident

BBG says CDK is prepared to pay tens of millions to the hackers in ransom to resolve.

RansomwareHackr.com time. Let’s go!

@oarfish18 how’s it been? I understand your group is all-in on their DMS.

4 Likes

Lol! Still doing deals and clenching cheeks hoping payments are right. I close them, they figure out the rest :joy::joy::joy:

3 Likes

Based upon prior known ransom payments and the size of those companies, I suspect the ask is probably 100 million. Dealership contacts I know said owners would happily pay a portion of the ransom. That 100 million figure likely grew larger after CDK tried to circumvent paying the ransom the first time after going live again and immediately getting hacked again.

4 Likes

This is much bigger than just “can’t sell cars”. CDK cloud services stores all the deal jacket info such as credit applications, signed contracts, etc. This data breach is a potential long-lasting credit disaster for millions if the hackers get into their cloud storage. For almost any adult who has financed a car in the last 5+ years, there is a good chance the dealer used CDK, and many of them use the cloud storage service.

Absolutely. They also do payroll for most of the dealerships they serve as well. It’s the equivalent of WorkDay for us boring corporate folks.

That and everyone is getting suckered into being “all in” on Microsoft. I work in the email security space and my job is trying to convince people that this is such a bad idea.

1 Like

You’re giving too much confidence in how corporate folks work. I’m sure someone thought of investing a ton in redundant systems to support a fall-back in the event of a successful cyber attack.

But then they’ll tell this future-minded employee to go screw off and pay some fat bonus to the person who instead came up with some cost savings initiatives.

The ideas have been there, and they’re already in play lol

Email security like what? Microsoft 365, which is where all of the MS Exchange went when it left on-prem?

Everything going to M365, but also relying on their protection suite or bundles. E3 and E5 to replace MX-based gateway solutions (inbound checks, malware scanning, BEC, etc.) or more recent API-based products.

Consolidating all of your “security” into a single company that hosts your exchange and data is not a good idea, especially when their security is proven to not be effective.

1 Like

It's never just one product; there are always the CrowdStrike suites and other gateways that perform scanning and AI/ML bs in real time and after.

1 Like

The recovery will take about a month

Does this assume they’ve gone for a total rebuild over ransom payment?

That’s the goal: to have those different suites and to NOT consolidate. Microsoft is pricing their stuff so aggressively that people are getting hooked on their backup, endpoint, SIEM, email security, etc.

Just bad news all around when companies do that.

That's a guesstimate; we don't know how much data there is to restore, or where it's coming from. Is it object store, is it disk, or is it offsite tape (doubt that last one)?

We need a federal law that makes it illegal to pay ransom in these situations. Change Healthcare paid, they still lost most of their customers and every fucking stitch of their customer data.

Tell me you’re living in 2022 without telling me you’re living in 2022.

If I wasn’t under NDA, I would share some tea about some shady Microsoft fuckery that mid-2000s Oracle would be jealous of.

4 Likes

Who would enforce that law? I assume it's federal and not state. Let's assume your company's data gets taken for ransom. You can pay and maybe get it back, or you can attempt to recover and/or rebuild. But how does that law protect your company? At this point, if any of your data gets compromised, they give you a free year of credit monitoring service, which, I mean, come on, is just a joke for saying the bad guys know everything about you.

You can always DM me!

You could always give me a free Audi, DM me! Very unlikely at your current shop though.