CDK Global has apparently paid to put a stop to the ransomware attack that recently crippled its business and shut down a large portion of North American auto dealerships.
Citing multiple anonymous sources familiar with the matter, CNN claims that CDK paid the attackers $25 million in cryptocurrency to unlock its systems.
The report said the company has not confirmed that it paid the ransomware demand, but multiple anonymous sources who have been “closely monitoring the incident” have said that it did.
(No) coincidences
In addition, two important things happened after the attack that can be linked together.
First, the payment was made in cryptocurrency, and all transactions made over the blockchain (the underlying technology for crypto) can be tracked. Sure, they’re pseudonymous, but despite that, on June 21, someone sent 387 bitcoin (approximately $25 million) to a cryptocurrency account identified as belonging to associates of BlackSuit, a known ransomware operation.
The address from which the money was sent belongs to a company that helps victims combat ransomware attacks, the sources said, without naming the company.
Second, CDK Global began bringing its systems back online approximately one week after the payment was made.
CDK, a company that provides software-as-a-service to auto dealers, suffered a major cyberattack in late June 2024, forcing the company to shut down most of its systems.
Companies that used CDK’s services were unable to perform most of their activities and had to do the little work they could still do with pen and paper.
Law enforcement agencies around the world do not encourage victims to pay ransoms because there is no guarantee that they will be able to restore their systems and keep their private data private. Furthermore, there is no guarantee that the same threat actors (or others) will not simply attack the company again in a month or two.
Instead, organizations should sharpen their cybersecurity practices and ensure that fresh backups are always available.
Through CNN