Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

It looks like CDK paid a $25 million ransom in crypto to finally end its outage

Security.

CDK Global has apparently paid up in order to end the ransomware attack which recently crippled its operations, and brought a large part of North American car dealership businesses to a screeching halt.

Citing multiple anonymous sources familiar with the matter, CNN claims CDK has paid the attackers $25 million in cryptocurrency to unlock its systems. 

Its report says the company has not confirmed paying the ransomware demand, but multiple anonymous sources, “closely tracking the incident” have said this was the case.

(No) coincidences

Furthermore, two major things happened in the aftermath of the attack which could be tied together.

First, the payment was made in cryptocurrency, and all transactions done over the blockchain (the underlying technology for crypto) can be tracked. Surely enough, they are pseudonymous, but nevertheless, someone sent 387 bitcoin (roughly $25 million) on June 21, to a cryptocurrency account identified to belong to affiliates of BlackSuit, a known ransomware operation.

The address from which the money was sent belongs to a company that helps victims respond to ransomware attacks, the sources further said, without naming the firm. 

Second - CDK Global started bringing its systems back online roughly a week after that payment was made. 

CDK, a company that provides software-as-a-service for car dealerships, suffered a major cyberattack in late June 2024 which forced it to shut down most of its systems.

As a result, companies using CDK’s services were unable to conduct most of their business and were pushed back to pen and paper for whatever little work they could do.

Law enforcement agencies around the world do not encourage victims paying the ransom demand, since there is no guarantee that they will be able to restore their systems and keep their private data - private. Furthermore, there is no guarantee that the same threat actors (or different ones) won’t simply attack the firm again in a month, or two. 

Instead, organizations should work on tightening up their cybersecurity practices and keeping fresh backup copies at hand.

Via CNN

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.