
CDK Global Paid Hackers $25 Million in Bitcoin to Resolve a Major Cyberattack

WBOY
2024-07-18 09:47:32

On-chain sleuth ZachXBT has revealed that CDK Global paid hackers about $25 million worth of Bitcoin to resolve a major cyberattack a few weeks ago.


CDK Global, a software provider for car dealerships in North America, suffered a major cyber breach a few weeks ago that affected more than 15,000 car dealerships in the US. The company later announced that its service is fully back online.

Although the company did not disclose how it fixed the issue, on-chain data has now shown that it opted to pay the ransom.

On-chain sleuth ZachXBT revealed that CDK Global paid about $25 million worth of Bitcoin to resolve the cyberattack.

Over 387 Bitcoin Were Transferred to BlackSuit

According to on-chain data shared by ZachXBT, CDK Global transferred 387.367 BTC—worth approximately $25 million—to bc1q0c on June 21. This address is reportedly controlled by hackers affiliated with the notorious ransomware group BlackSuit. Following the transfer, the hackers moved the funds to centralized exchanges.

Other on-chain intelligence analysts also backed up these claims. An earlier report by CNN revealed that blockchain intelligence platform TRM Labs also confirmed the transaction.

Interestingly, CDK did not send the funds directly to the attackers. Instead, it used the services of a firm that specializes in dealing with ransomware demands.

Meanwhile, there is speculation over why CDK waited a whole week after making the payment before restarting its service, especially given that it paid off the attackers quickly. The company likely wanted to boost its security systems and tidy up loose ends before resuming operations.

However, an earlier report suggested that CDK was considering meeting the attackers’ multimillion-dollar demand. Still, the amount paid as ransom appears to be a fraction of the financial impact of the incident.

Is Crypto-Related Ransomware Making a Comeback?

Ransomware attackers demanding payment in cryptocurrencies is not new, but this marks the biggest incident for these bad actors in 2024.

The last major ransomware payment was in March when Change Healthcare paid 350 BTC—worth $22 million—to the BlackCat or AlphV ransomware group.

Before then, crypto payments related to ransomware peaked at $1.1 billion in 2023, with victims ranging from major corporations such as Shell and British Airways to schools and hospitals.

With the attackers deploying various approaches, several law enforcement agencies, including the FBI, have declared war on ransomware criminals.

Security expert Winston Ighodaro commented:

“Backing up your data offline and using good antivirus software helps prevent ransomware attacks most of the time, but that doesn’t help frequently, as attackers often threaten to upload victims’ confidential data onto the dark web either for sale or for anyone who cares.”

Incidents such as the recent attack on CDK Global show that the bad actors remain active, and cryptocurrencies are still one of their preferred means of payment. However, the public nature of blockchain networks means that it is easy to track their financial networks, which has helped law enforcement in the effort to bring down these bad actors.
