CDK Global, a software firm serving car dealerships across the US that was hit by a cyberattack last month, reportedly paid a $25 million ransom to the hackers, according to sources familiar with the matter. The company has chosen not to comment on the situation, as tracking cryptocurrency payments can be complex due to the anonymity they offer. However, data on the blockchain revealed that about 387 bitcoin, equivalent to $25 million at the time, was sent to a cryptocurrency account controlled by hackers linked to the ransomware group BlackSuit.
A week after the payment was made, CDK announced that it was restoring car dealerships to its software platform. The payment of $25 million to BlackSuit was not publicly disclosed until now, as sources involved in the investigation have spoken on the condition of anonymity due to its sensitivity.
It is worth noting that federal officials discourage paying ransoms to cybercriminals as it can incentivize future attacks. However, some companies feel compelled to pay in order to recover valuable data or restore their systems. The ransom payment to BlackSuit could be a significant windfall for the criminal group, which has targeted various sectors in the past.
Overall, cybercriminals extorted a record $1.1 billion in ransom payments from organizations worldwide last year, despite efforts to disrupt their financial operations. While a $25 million ransom may seem substantial, it is not uncommon in the ransomware economy. In fact, the average ransom payment in the fourth quarter of 2023 was much lower at $568,705.
