$25 Million Ransom Reportedly Paid to End Hack That Took Down 15,000 U.S. Dealers

Things are back to normal at 15,000 U.S. showrooms after a hack that brought operations nearly to a halt last month. Data processing firm CDK apparently paid a $25 million ransom to regain control of software controlling everything from sales prospects to payroll. But the damage has topped $1 billion in lost sales and other issues.

CDK Global reportedly paid a $25 million ransom to hackers following a cyberattack in mid-June that crippled operations affecting about 15,000 U.S. dealers.

The company is one of the largest data processing firms working with automotive retailers across the U.S. and the hackers disrupted showroom functions including sales prospects, payroll and service scheduling. According to several automakers, the attack resulted in the loss or delay of tens of thousands of car sales, the impact estimated by industry analysts to have topped $1 billion.

CDK reportedly paid a $25 million ransom in the form of 387 bitcoins, Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN. That mirrors reports by Bloomberg and comments made by several retailers speaking on background to Headlight.News.

The rise of ransomware.

Cybercriminals have become increasingly bold in recent years. On Friday, AT&T reported that the call and text messages of virtually all its cellphone customers from the second half of 2022 have been breached. In many cases these records include personal information that is then released or sold on the so-called “dark web,” often finding use in identity thefts.

Ransomware attacks, in particular, have become more and more common, with hackers attacking hospitals, pharmacies, public service operations and, in this case, one of the auto industry’s largest data services providers.

“We’re definitely not winning the fight against ransomware right now,” Allan Liska, a threat intelligence analyst at Recorded Future, told Wired magazine last month.

Federal lawmakers have tried to convince businesses not to pay ransomware. But faced with having their operations shut down, data erased or, in other cases, having private user information released to the public, many pay up. Chainalysis, a firm that tracks cyberattacks, estimated in a February report that $1.1 billion in ransoms were paid last year in the U.S. alone.

BlackSuit

It appears that CDK was hit by a ransomware program known as BlackSuit. How it attacked the company’s software is also unknown but hackers often gain entry through those with legitimate access to a company’s servers. They may be tricked into clicking on a link or downloading a file by a legitimate looking e-mail. Once inside, the software can attack and rewrite data or give access to hackers who then modify files.

CDK has so far failed to respond to a request for comment to Headlight.News and other news outlets. But CNN reported that the bitcoin payment was made to “BlackSuit affiliates” through a firm that “helps victims respond to ransom attacks.”

More Cybersecurity News

• CDK Cyberattack Cost Dealers $1 Billion
• Cyberattack Cripples Car Dealers Across U.S.
• Hackers Hijack June Sales

CDK to compensate dealers

“We recognize the events have been challenging, and we will provide you with some financial relief,” CDK Global CEO Brian MacDonald told dealers in a letter that was set to go out on July 11, according to Automotive News. He added that, “your CDK Customer Engagement Team will share further details.”

The impact of the ransomware attack was especially damaging because CDK provides data services to about half of all U.S. dealerships.

Among other things, the company’s letter noted that “we are offering to any dealer — regardless of whether or not they are a CDK customer — a free tool to conduct training to better prepare for potential cyber incidents and to help dealership employees avoid common pitfalls.”