15 July 2024

How did the auto dealer outage end? CDK almost certainly paid a $25 million ransom

Sean Lyngaas

Vehicles sit in a row outside a car dealership, June 2, 2024, in Lone Tree, Colo. CDK Global, a company that provides software for thousands of auto dealers in the US and Canada, was hit by a cyberattack in June. David Zalubowski/AP
CNN —

CDK Global, a software firm serving car dealerships across the US that was roiled by a cyberattack last month, appears to have paid a $25 million ransom to the hackers, multiple sources familiar with the matter told CNN.

The company has declined to discuss the matter. Pinpointing exactly who sends a cryptocurrency payment can be complicated by the relative anonymity that some crypto services offer. But data on the blockchain that underpins cryptocurrency payments also tells its own story.

On June 21, about 387 bitcoin — then the equivalent of roughly $25 million — was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN.

A week after the payment was made, CDK said that it was bringing car dealers back online to its software platform. Cryptocurrency allows for the exchange of digital assets outside of the traditional banking system, but a record of those transactions is accessible on the blockchain.

Janczewski did not identify who sent the payment, but three other sources closely tracking the incident confirmed that a roughly $25 million payment had been made to BlackSuit affiliates and that CDK was very likely the source of that payment. Those sources spoke on the condition of anonymity because of the sensitive nature of the investigation.

The cryptocurrency account that sent the ransom payment is affiliated with a firm that helps victims respond to ransom attacks, one of the sources said, declining to identify the firm.
