It looks like CDK paid a $25 million ransom in crypto to finally end its outage
Ransomware attack recently disrupted car sales across the US
CDK Global has apparently paid up in order to end the ransomware attack which recently crippled its operations, and brought a large part of North American car dealership businesses to a screeching halt.
Citing multiple anonymous sources familiar with the matter, CNN claims CDK has paid the attackers $25 million in cryptocurrency to unlock its systems.
Its report says the company has not confirmed paying the ransomware demand, but multiple anonymous sources, “closely tracking the incident” have said this was the case.
(No) coincidences
Furthermore, two major things happened in the aftermath of the attack which could be tied together.
First, the payment was made in cryptocurrency, and all transactions done over the blockchain (the underlying technology for crypto) can be tracked. Surely enough, they are pseudonymous, but nevertheless, someone sent 387 bitcoin (roughly $25 million) on June 21, to a cryptocurrency account identified to belong to affiliates of BlackSuit, a known ransomware operation.
The address from which the money was sent belongs to a company that helps victims respond to ransomware attacks, the sources further said, without naming the firm.
Second - CDK Global started bringing its systems back online roughly a week after that payment was made.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
CDK, a company that provides software-as-a-service for car dealerships, suffered a major cyberattack in late June 2024 which forced it to shut down most of its systems.
As a result, companies using CDK’s services were unable to conduct most of their business and were pushed back to pen and paper for whatever little work they could do.
Law enforcement agencies around the world do not encourage victims paying the ransom demand, since there is no guarantee that they will be able to restore their systems and keep their private data - private. Furthermore, there is no guarantee that the same threat actors (or different ones) won’t simply attack the firm again in a month, or two.
Instead, organizations should work on tightening up their cybersecurity practices and keeping fresh backup copies at hand.
Via CNN
More from TechRadar Pro
- Microsoft slammed for sending out hack email warnings that look an awful lot like spam and phishing attacks
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.