Automotive SaaS provider CDK paid $25 million ransom to hackers
Take action: Simple and mostly effective ransomware practices: offline backups that can't be deleted by the ransomware on the servers, updated antivirus, patched browsers and OS, deleting all data you no longer need, and ongoing employee awareness about phishing. Or just have $25 million to pay the hackers.
CDK Global, a leading software provider for car dealerships in North America, reportedly paid a $25 million ransom in Bitcoin to resolve the major cyberattack that disrupted operations at more than 15,000 car dealerships across the United States.
The incident, which occurred a few weeks ago, was resolved through a ransom payment, as revealed by on-chain sleuth ZachXBT.
The payment of 387.367 BTC (approximately $25 million) was made on June 22, 2024, to a blockchain address controlled by the BlackSuit ransomware group (bc1q0c). The payment was not made directly by CDK; instead, it was facilitated through a specialized firm dealing with ransomware demands.
CDK Global's services were fully restored shortly after the ransom payment. While the company did not publicly disclose the details of the resolution, on-chain data analysis confirmed the transaction. Blockchain intelligence platform TRM Labs corroborated the findings, indicating that the funds were moved to centralized exchanges following the transfer.
There is speculation about CDK Global's decision to wait a week after the ransom payment before restarting its services. This delay may have been to bolster security systems and ensure all vulnerabilities were addressed.
This incident marks the largest ransomware payment in 2024, surpassing the previous major payment by Change Healthcare in March, where 350 BTC (worth $22 million) was paid to the BlackCat ransomware group.