How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom | CNN Business (2024)

Vehicles sit in a row outside a car dealership, June 2, 2024, in Lone Tree, Colo. CDK Global, a company that provides software for thousands of auto dealers in the US and Canada, was hit by a cyberattack in June.

CNN

CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the hackers, multiple sources familiar with the matter told CNN.

The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story.

On June 21, about 387 bitcoin — then the equivalent of roughly $25 million — was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN.

A week after the payment was made, CDK said that it was bringing car dealers back online to its software platform. Cryptocurrency allows for the exchange of digital assets outside of the traditional banking system, but a record of those transactions is accessible on the blockchain.

Janczewski did not identify who sent the payment, but three other sources closely tracking the incident confirmed that a roughly $25 million payment had been made to BlackSuit affiliates and that CDK was very likely the source of that payment. Those sources spoke on the condition of anonymity because of the sensitive nature of the investigation.

The cryptocurrency account that sent the ransom payment is affiliated with a firm that helps victims respond to ransom attacks, one of the sources said, declining to identify the firm.

CDK spokesperson Lisa Finney did not respond to multiple requests for comment on Wednesday and Thursday on the apparent payment. Finney previously declined to answer questions on the subject. CDK CEO Brian MacDonald did not respond to email and LinkedIn messages seeking comment.

The ransom payment of $25 million hasn’t been previously reported. Bloomberg reported that the hackers had made a multimillion-dollar ransom demand and that the company planned to pay.

The ransomware attack that hit CDK in mid-June disrupted thousands of auto dealerships that use the company’s software to manage everything from scheduling to sales and orders. CDK referred to it as a “cyber incident” in statements to reporters. In a note to clients cited by CBS, CDK referred to it as a “cyber ransom event.”

CDK said last week that “substantially all” of the nearly 15,000 car dealerships that use its software across North America were back online to its core management system.

Federal officials generally discourage paying a ransom to cybercriminals because payments can fuel future attacks. But some companies feel they have no choice but to pay off hackers to try to recover sensitive customer data or get their systems back online.

The payment would be a windfall for a relatively new brand of ransomware criminals that emerged last year and has claimed numerous victims in the education and construction sectors, among others. BlackSuit’s malicious software is similar to that previously used by other Russian-speaking criminal groups, according to the US Department of Health and Human Services.

“The gang’s leadership has been conducting ransomware extortion operations since 2019 under other ransomware brand names,” said Jon DiMaggio, chief security strategist at cybersecurity firm Analyst1 who closely studies ransomware gangs.

“This is one of many examples I have seen over the years where a group is either shut down by law enforcement or decides to terminate its operation to rebrand under a new name and continue attacking and extorting organizations,” DiMaggio told CNN, adding that most of BlackSuit’s victims have been in the US.

Cybercriminals, in general, extorted a record $1.1 billion in ransom payments from victim organizations around the world last year despite US government efforts to cut off their money flows, Chainalysis, another crypto-tracking firm, said in a report in February.

A $25 million ransom payment is certainly large but not unheard of in the lucrative ransomware economy. UnitedHealth Group, the health care conglomerate whose subsidiary suffered a ransomware attack in February that hobbled pharmacies across the US, paid a $22 million ransom to a different criminal group.

But the average ransom payment in the fourth quarter of 2023 was significantly lower: $568,705, according to cybersecurity firm Coveware.

FAQs

Did CDK pay the ransom?

In a development highlighting the dangers of ransomware operations, CDK Global, a software provider for car dealerships across the US and Canada, has reportedly paid a $25 million ransom to the BlackSuit ransomware group.

What is guaranteed to happen once a ransom has been paid?

Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information.

Who bought out CDK?

Last April it was announced that CDK Global, Inc., was being acquired by Brookfield Business Partners for $8.3 billion. Under merger agreement terms, CDK shareholders were said to receive $54.87 per share in cash upon completion of the transaction.

Who was the ransom paid to?

Clearly, the Scriptures teach that it is God who is to be paid the ransom. It was God who we offended by our sins and it is to him that redemption is to be made. The debt that is owed is to God. The preciousness of God is that he is the only one who could afford to pay the price, which He did.

What is the largest ransom payment ever paid?

Historically the greatest ransom paid was that paid for Atahualpa, the last emperor of the Incas, to the Spanish conquistador Francisco Pizarro in 1532-3 at Cajamarca, Peru, which constituted a hall full of gold and silver, worth in modern money some $1.5 billion (£1 billion).

How is ransom payment normally done?

Ransomware attackers usually demand payment to be wired through Western Union or paid through a specialized text message. Some attackers demand payment in the form of gift cards like an Amazon or iTunes Gift Card. Ransomware demands can be as low as a few hundred dollars to as much as $50,000.

What are the chances the data will be released after the ransom is paid?

In a ransomware attack, paying the ransom does not guarantee that attackers will provide the decryption key. Even with the key, most organizations are unable to recover all their data with decryption alone. In one study, as much as 92% of companies failed to restore all their data even after paying the ransom.

Should the ransom to restore computer systems be paid?

Typically, nothing else will happen if you don't pay ransomware attackers, but your data will still be encrypted. You will need to restore your files from a backup, or determine if a decryption tool can be used. That is the recommended response: restore your data internally, so you don't have to pay the ransom.

How much was CDK Global Acquisition?

Paul, Weiss advised CDK Global, Inc., a leading automotive retail technology company, in its $8.3 billion all-cash acquisition by Brookfield Business Partners, Brookfield Asset Management's flagship private equity vehicle.

Was CDK Global a spinoff?

(ADP) completed the distribution to its stockholders of all of the issued and outstanding common stock of CDK Global, Inc. in a tax-free spin-off. The distribution completes the spin-off by ADP of its automotive dealer services business.

Who owns CDK software?

On April 7, 2022, CDK Global agreed to be acquired by Brookfield Business Partners and institutional partners for a total enterprise value of $8.3 billion.

Author: Cheryll Lueilwitz
