As major cyberattacks on corporations increase, one auto dealership software provider has allegedly paid a staggering $25 million ransom after an attack crippled its systems last month.
Auto Dealership Cyber Attack
A widespread cyberattack launched by the ransomware group ‘BlackSuit’ crippled the North American auto dealership industry. Almost a month on, the industry has finally begun to recover from the attack, likely thanks to a hefty ransom payment.
CDK Reportedly Paid
According to multiple sources and reports, it is likely that the car dealership software firm CDK paid a staggering $25 million ransom to resolve the problem.
Insider Sources
The company, which provides software solutions for major dealerships across the country, has refused to confirm or comment on the reports. However, several insider sources have told CNN that it is almost certainly responsible for the transaction.
Taking an “Abundance of Caution”
The initial attack on CDK’s cloud-based system occurred on June 19, forcing the company to shut down its systems and take everything offline out of “an abundance of caution.”
15,000 Dealerships in the System
CDK software is used by 15,000 auto dealerships across the US to track and manage various services such as sales, insurance, maintenance, repairs, and more, so the attack could have had major ramifications for the industry.
BlackSuit Cyberattack Confirmed
By June 21, news outlets had confirmed that the attack was orchestrated by BlackSuit, a cybercriminal team connected to Russian hacking groups. BlackSuit has been linked to 95 security breaches of companies around the world.
Introducing a “Phased Approach”
CDK then confirmed a shutdown extending to the end of June, with a slow “phased approach” that would carefully reintroduce dealers to the system.
Cryptocurrency Payment Made
What the public did not know was that during this time – on June 21 specifically – approximately 387 bitcoins had been transferred to a cryptocurrency account held by BlackSuit.
Details from TRM Labs
“From there, about $15 million of those funds moved through a complex set of nearly 200 transactions following a common money laundering typology, then was distributed across more than 20 addresses at five different global exchanges,” TRM Labs, a “blockchain intelligence platform” for finance and crypto business, told reporters.
Anonymous Firm Connected
TRM Labs linked the sender account to an anonymous firm that helps cyberattack victims respond to ransom demands, but the money itself likely came from CDK.
Details Not Confirmed
Three days after the attack, Bloomberg alleged that the group had demanded a $25 million ransom and the company planned to pay. However, the details could not be officially confirmed.
Source Not Identified
Chris Janczewski, head of global investigations at TRM Labs, is among those who have now confirmed the payment, but he did not identify the source of the bitcoins.
All Signs Point to CDK
One week after the payment was made, CDK was able to systematically bring its system back online. Now, experts and insiders are insisting that CDK is the only likely source of the hefty ransom payment.
Anonymous Insiders Come Forward
Three insiders have shared information also confirming the $25 million payment and identifying CDK, though they have remained anonymous due to the sensitive nature of the case.
Company Won’t Respond
Both CDK spokesperson Lisa Finney and CEO Brian MacDonald have declined to answer questions or comment on the situation so far.
Federal Officials Say Don’t Pay
Federal officials actively discourage companies from paying ransoms, particularly ones as large as this recent BlackSuit ransom, as it could incentivize hacker groups to launch more and larger attacks.
A Fraught Decision
However, for companies like CDK, these situations often put them between a rock and a hard place. Ignoring ransom demands could put sensitive customer data at risk and significantly delay their ability to get their systems up and running again.
UnitedHealth Attack
The federal advice may pay off in the long run, considering a recent attack on health insurance company UnitedHealth Group.
Double Ransom
Earlier this year, the company was attacked by another ransomware group, named ALPHV/Blackcat, which infected a subsidiary of the company before demanding a $22 million ransom. Once the ransom was paid, a second group named RansomHub demanded a second ransom from UnitedHealth.
Rising Rates of Cyberterrorism
Cyberattacks on major companies have only become more prolific and profitable in recent years. According to blockchain tracking firm Chainalysis, ransomware groups netted a combined $1.1 billion from attacks in 2023, the highest amount on record so far.