According to a published report, the price tag that CDK Global paid to cyber terrorists is believed to be $25 million.
The story from CNN comes as CDK's CEO Brian MacDonald has promised, in a letter going out to dealers, that the company's customers will receive financial compensation.
Chris Janczewski, head of global investigations at crypto-tracking firm TRM Labs, told CNN that about 387 bitcoin, the equivalent of roughly $25 million, was sent to a cryptocurrency account controlled by hackers affiliated with a type of ransomware called BlackSuit on June 21, the day after the company reported the cyberattack. CDK has not commented on any payment related to the ransomware attack.
Payment to BlackSuit
Janczewski did not identify who sent the payment, but the cable news outlet cited three other sources closely tracking the incident who confirmed that a roughly $25 million payment had been made to BlackSuit affiliates and that CDK was very likely the source of that payment. Cryptocurrency allows for the exchange of digital assets outside of the traditional banking system, but a record of those transactions is accessible on the blockchain.
BlackSuit is widely believed to be a rebranding of the Royal ransomware operation, a direct successor to the Conti cybercrime syndicate. Comprising Russian and Eastern European threat actors, this organized gang has been a persistent security concern.
History of Attack
CDK Global, whose software is used at 15,000 auto dealers, was first attacked on June 19 around 2:00 a.m. EDT, in an event that hampered operations at U.S. and Canadian dealerships. The company was able to bring some functions back online by that afternoon, but its systems were attacked again before the business day started on Thursday, June 20, and would be down for another two weeks.
The company reported that “substantially all” of the nearly 15,000 car dealerships that use its software across North America were back online on its core management system by July 2, just in time for the July 4 holiday sales weekend.
The cyberattack is expected to have a “significant” impact on sales for the month of June, according to J.D. Power officials.
“Because of the disruption to dealer software systems, June sales will not be reflective of actual consumer demand for new vehicles,” stated Thomas King, president of the data and analytics division at J.D. Power. “Instead, a significant number of sales that would have occurred in June are now likely to occur in July.”
MacDonald Letter
In the letter to CDK's customers, MacDonald wrote that “we recognize the events have been challenging, and we will provide you with some financial relief” as he thanked dealers for their “patience and partnership through the restoration process.”
No specifics as to what that financial compensation may look like were shared, just that the CDK Customer Engagement Team “will share further details.”
Besides the financial promise, CDK is offering a free tool to conduct training to better prepare for potential cyber incidents “to help dealership employees avoid common pitfalls…(we have) taken steps to secure our environment and we will continue to work with top third-party security experts to constantly evolve our approach.”
The promise of financial compensation comes as the company is facing at least eight lawsuits filed in federal court. Several lawsuits are seeking class-action status and accuse the company of neglecting to properly protect the plaintiffs' personal information from cyberattacks, which have become increasingly common. The plaintiffs are requesting damages, an increase in the company's efforts to protect personal information, and the purging of all personally identifiable information (PII) related to the plaintiffs.