CDK Global cyberattack: See timeline of the hack, outages and when services could return

CDK Global, a major car dealership software company utilized by thousands of dealers nationwide, is picking up the pieces after a cyberattack resulted in a multi-day system shutdown.

The initial attack happened June 19, prompting the cloud-based software company to take all systems offline “out of an abundance of caution." CDK's system is used by more than 15,000 auto dealerships across North America to manage everything from vehicle acquisitions and sales to financing, insuring, repairs and maintenance.

As of Wednesday, July 3, the company is still working to get all impacted dealers back online. Complicating the initial attack were reports of a ransom from a criminal hacking group, though CDK has not publicly confirmed the existence of the multi-million dollar demand.

Here's a timeline of the events that brought thousands of dealers to their knees and forced them back to old-school paper bookkeeping.

USA TODAY has reached out to CDK Global for comment.

June 19

A cyberattack on CDK Global prompts the software company to announce a shutdown of most of its systems “out of an abundance of caution." 

CDK restored some systems that afternoon, but another cyberattack later that evening prompted the company to take the systems offline once again, USA TODAY previously reported.

While the company did not respond to questions about how many dealerships were impacted, CDK’s website says the company works with more than 15,000 retail locations across North America.

June 21

Bloomberg News reports that a group claiming to be hackers based in Eastern Europe is demanding millions of dollars in ransom connected to the hack. According to Bloomberg, an insider close to the situation said CDK planned to pay the demand.

Multiple outlets later reported that the group behind the attack was identified as BlackSuit, a cybercriminal team that spun off of an older, Russian-linked hacking group called RoyalLocker, according to Reuters.

Recorded Future ransomware analyst Allan Liska made the identification, with the company also saying the group has been responsible for at least 95 breaches at organizations across the globe.

June 22

CDK starts a restoration process expected to take "several days" to complete, spokesperson Lisa Finney told USA TODAY.

June 24

CDK Global sends a message to clients saying the shutdown will continue until at least the end of the month. However, Finney said the company had successfully brought a "small initial test group" of dealers back onto the system.

"Once validation is complete, we will begin phasing in other dealers," Finney said in an emailed statement. "We are also actively working to bring live additional applications − including our Customer Relationship Management (CRM) and Service solutions − and our Customer Care channels."

June 28

CDK continues getting systems back online in a “phased approach," having successfully brought two small groups of dealers and one large dealer group live, according to a company statement.

July 1

CDK issues a statement saying it plans to restore services to all dealers by Thursday, July 4.

“We are continuing our phased approach to the restoration process and are rapidly bringing dealers live on the Dealer Management System (DMS). We anticipate all dealers' connections will be live by late Wednesday, July 3, or early morning Thursday, July 4," CDK spokesperson Lisa Finney said to USA TODAY in an emailed statement, adding that the customer service channels have been restored for those experiencing issues.

July 4

The date all dealerships using CDK are expected to be back online following the attack.