
Ransomware attacks CDK Global and public sector targets in June

While one of the most serious ransomware attacks in June targeted software provider CDK Global, the threat also had a devastating impact on local governments and paralyzed public services.

Ransomware attacks on the public sector continued last month, with several U.S. schools and cities reporting network disruptions in June that forced closures and difficult ransom decisions.

While local governments, cities and schools have been the primary targets of attacks, CDK Global fell victim to a ransomware attack that demonstrated just how disruptive this threat is to victim organizations.

On June 18, Illinois-based CDK Global began experiencing outages due to a ransomware attack. CDK Global is an automotive technology provider that currently services 15,000 dealerships. In a statement to The Record, CDK Global spokeswoman Lisa Finney said the provider proactively forced the majority of its systems offline to contain the attack, which caused disruptions that significantly impacted its end customers.

One customer, Sonic Automotive, reported in an 8-K filing on June 19 that CDK had notified customers that it was suspending certain system operations.

“As a result, the Company experienced disruptions in the operation of its Dealer Management System (“DMS”) operated by CDK, which supports key dealership operations, including sales, inventory management and accounting functions, as well as its Customer Relationship Management (“CRM”) system,” Sonic Automotive wrote in its Form 8-K filing.

That same day, Bleeping Computer reported that CDK had suffered a second attack while it was undergoing remediation efforts. Then, two days later, the cybersecurity news outlet revealed that attackers were calling customers and impersonating CDK agents to gain access to their systems. This technique, known as vishing, is becoming increasingly common in the threat landscape. The BlackSuit ransomware gang took responsibility for the CDK attack.

As of last Monday, USA Today reported that CDK had announced the resumption of operations on Thursday.

In another ransomware attack on the private sector, Patelco Credit Union in Dublin, California, confirmed that it had been hit June 29 by an attack that made it difficult for customers to access their financial accounts. Patelco forced its systems offline to contain the attack, which affected online banking services, the credit union’s mobile app and call center operations. Services such as wire transfers, direct deposits, balance inquiries and payment systems were then unavailable to customers.

Patelco said it is working with cybersecurity experts, law enforcement and regulators to respond to the incident. The credit union assured customers it would refund late payment fees incurred as a result of the outages. Patelco added it would write letters on behalf of customers about credit score concerns.

Customers were also advised that Patelco ATMs may continue to experience intermittent outages during the recovery process. “Currently, you can access your direct deposit funds by writing a check, using your ATM card to receive cash, or making a purchase,” Patelco wrote in a July 2 update. “We do not underestimate how severely this has impacted our members.”

Attacks on the public sector continue

Traverse City, Michigan, has revealed that it suffered a ransomware attack on June 12 that impacted city government operations as well as public offices in Grand Traverse County. The city forced systems offline as a proactive measure and has engaged law enforcement in the investigation. In its latest update on June 14, the city said the public safety emergency number had been restored, but water, sewer, and tax payment services remained unavailable.

On June 25, The Ticker reported that Traverse City commissioners voted to update the city’s insurance policy in response to the attack. The city now has a policy that provides a total of $2 million in coverage for cybersecurity incidents, according to the local news outlet. As with the CDK incident, BlackSuit also claimed responsibility for the attack in communications with the city.

Newberg-Dundee Public Schools in Oregon also suffered a ransomware attack on June 12. Newberg’s Graphics reported that the attack affected the school’s ability to finish the school year. The article also highlighted a statement from Superintendent Paula Radich, who revealed that access to the system and data had been disrupted due to the attack. Radich added that the district is “already taking steps to protect our data” and said it was difficult to assess when systems would be fully restored.

Closing of town halls

Another of the most serious attacks in June hit Cleveland City Hall. Cleveland City Hall revealed that the city experienced a cybersecurity incident on June 10 that forced it to shut down affected systems and close City Hall for nearly two weeks. Cleveland residents were unable to submit payments, permits, or applications for construction or housing. In an update on June 18, the city said that some operations would resume on June 20.

“Despite the temporary closure of City Hall, essential city services, including public safety, trash collection, recreation centers, airport operations, Cleveland Public Power, water and water pollution control, continued to operate normally to ensure the continued well-being and safety of our residents,” the city wrote in an update.

According to another update posted on the city’s Facebook page, City Hall reopened on June 20, 10 days after the initial attack. On June 19, ABC News 5 Cleveland released additional information about the city’s ransom demand. In a statement to the news outlet, Sarah Johnson, Cleveland’s communications director, said the city had no intention of paying the ransom at the time. An investigation into the extent of the data theft was also ongoing.

The BlackByte ransomware group claimed responsibility for a June 10 attack on the city of Newburgh, New York. The city disclosed the incident on June 14, saying it had affected some public services, such as property tax payments, water, sewer, sanitation, and parking. There were also “minor disruptions” to police, fire, water, engineering, and recreation departments.

Newburgh said City Hall reopened on June 17 after telephone and email service was restored.

“The City’s systems for processing and accepting payments will be phased in over the next seven to 10 days, and a grace period will be established for late property tax, water, sewer and sanitation payments during the City’s payment systems downtime,” the City of Newburgh said in a statement.

In a June 12 statement to Westchester News 12, Orange County Supervisor Steve Neuhaus confirmed the incident was a ransomware attack. Neuhaus also revealed that the city had issued emergency laptops and communication tools to the Newburgh Police Department.

On June 20, Mid Hudson News revealed that Newburgh had a $1 million cyber insurance policy. Newburgh Mayor Torrance Harvey told the media that the details of a possible ransom payment were left to the insurance company and the FBI. While it is unclear whether the city paid or not, services were being restored as of June 20.

Arielle Waldman is a TechTarget Editorial writer covering enterprise security.