CDK Global Allegedly Paid $25M Ransom to BlackSuit Ransomware Gang

Published on July 15, 2024
Written by:
Lore Apostol
Cybersecurity & Streaming Writer
Edited by:
Novak Bozovic
Tech & VPN Content Specialist

American retail technology and software provider CDK Global reportedly sent a $25 million ransom in Bitcoin to the hacker group that attacked the software firm on June 19, causing a significant disruption to nearly 15,000 car dealerships in the U.S., according to a CNN report.

The company was hit by two attacks in close succession that brought its systems to a halt, with CDK saying on June 20 that it had started the process of restoring its systems and planned to pay the ransom in a bid to restore normalcy.

The attack reportedly came from a hacker group in Eastern Europe, which is believed to be the BlackSuit ransomware gang.

How CDK restarted its business hasn't yet been disclosed. Still, the head of global investigations at crypto-tracking firm TRM Labs told CNN that a cryptocurrency account controlled by hackers affiliated with BlackSuit ransomware received roughly $25 million in Bitcoin on June 21 from a firm that helps victims respond to ransom attacks.

CDK Global is a software-as-a-service (SaaS) provider offering a dealer management system (DMS) for day-to-day processing. The DMS is used for stocking vehicles, ordering services or parts, deliveries, inventory, accounting, and the customer relationship management (CRM) system. 

Penske Automotive Group and Sonic Automotive, which announced the disruption of their services, are among the affected client companies, and the Asbury, AutoNation, Group 1, Lithia, and Sonic chains are also on the list of impacted customers.

BlackSuit is a suspected rebrand of the Royal ransomware operation, which is believed to be the successor of the Conti cybercrime group of Russian and Eastern European threat actors. 

In June, BlackSuit allegedly published hundreds of sensitive police files stolen from the Kansas Police Department after the KCKPD refused to pay the ransom.


