Ransomware
CNN Business / BlackFog / TechTarget / CyberScoop
Incident Details
BlackSuit ransomware (linked to the Royal/Conti lineage) attacked CDK Global on June 18, 2024, disrupting dealer management systems for ~15,000 US auto dealerships. CDK suffered a second attack during the recovery attempt. Systems were offline for ~2 weeks. CDK paid a ~$25M ransom (387 BTC, confirmed on chain June 21). The initial demand was $10M, reportedly raised to $50M+. The collective estimated impact to dealerships was >$1B (Anderson Economic Group). Systems were progressively restored June 28-July 4. Customer PII and financial data were potentially exposed.
Technical Details
- Initial Attack Vector: CWE-1391: Use of Weak Credentials (social engineering; exact initial vector not fully disclosed)
- Vendor / Product: CDK Global Dealer Management System
- Malware Family: BlackSuit
Timeline
- 2024-06-18 Breach occurred
- 2024-06-19 Publicly disclosed
- 2024-06-19 Customers notified