It looks like CDK paid a $25 million ransom in crypto to finally end its outage

News
By published

Ransomware attack recently disrupted car sales across the US

security
(Image credit: Shutterstock / binarydesign)

CDK Global has apparently paid up in order to end the ransomware attack which recently crippled its operations, and brought a large part of North American car dealership businesses to a screeching halt.

Citing multiple anonymous sources familiar with the matter, CNN claims CDK has paid the attackers $25 million in cryptocurrency to unlock its systems. 

Its report says the company has not confirmed paying the ransomware demand, but multiple anonymous sources, “closely tracking the incident” have said this was the case.

(No) coincidences

Furthermore, two major things happened in the aftermath of the attack which could be tied together.

First, the payment was made in cryptocurrency, and all transactions done over the blockchain (the underlying technology for crypto) can be tracked. Surely enough, they are pseudonymous, but nevertheless, someone sent 387 bitcoin (roughly $25 million) on June 21, to a cryptocurrency account identified to belong to affiliates of BlackSuit, a known ransomware operation.

The address from which the money was sent belongs to a company that helps victims respond to ransomware attacks, the sources further said, without naming the firm. 

Second - CDK Global started bringing its systems back online roughly a week after that payment was made. 

CDK, a company that provides software-as-a-service for car dealerships, suffered a major cyberattack in late June 2024 which forced it to shut down most of its systems.

As a result, companies using CDK’s services were unable to conduct most of their business and were pushed back to pen and paper for whatever little work they could do.

Law enforcement agencies around the world do not encourage victims paying the ransom demand, since there is no guarantee that they will be able to restore their systems and keep their private data - private. Furthermore, there is no guarantee that the same threat actors (or different ones) won’t simply attack the firm again in a month, or two. 

Instead, organizations should work on tightening up their cybersecurity practices and keeping fresh backup copies at hand.

Via CNN

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.