The hacking group responsible for the CDK Global cyberattack is believed to be based in Eastern Europe.
CDK Global initially responded to the ransomware attack by shutting down its data centers, IT systems, and login services after discovering the breach on June 19. The company briefly restored some services on the same day but had to deactivate them again due to a second cyberattack. CDK warned dealers that their systems would likely be unavailable for several days and advised them not to attempt accessing the DMS until the system's security could be confirmed.
The hackers demanded tens of millions of dollars in ransom from CDK Global, a software provider to thousands of car dealerships in North America4. The hacking group behind the attack is believed to be based in eastern Europe5. CDK is reportedly planning to make the payment, but discussions are fluid and the situation could change5.