CDK Global Allegedly Paid $25M Ransom to BlackSuit Ransomware Gang

• CDK Global reportedly decided to pay millions in ransom to the hackers who crippled thousands of U.S. car dealerships.
• The company previously announced that it intends to make the payment to restore its business rapidly.
• CDK did not mention how the company was able to get its systems back online.

American retail technology and software provider CDK Global reportedly sent a $25 million ransom in Bitcoin to the hacker group that attacked the software firm on June 19, causing a significant disruption to nearly 15,000 car dealerships in the U.S., according to a CNN report.

The company was hit by two close attacks that brought its systems to a halt, with CDK saying on June 20 that they started the process to restore their systems and planned to pay the ransom in a bid to restore normalcy. 

The attack reportedly came from a hacker group in Eastern Europe, which is believed to be the BlackSuit ransomware gang.

The process of how CDK restarted its business hasn't yet been disclosed. Still, the head of global investigations at crypto-tracking firm TRM Labs told CNN a cryptocurrency account controlled by hackers affiliated with BlackSuit ransomware received roughly $25 million in Bitcoin on June 21 from a firm that helps victims respond to ransom attacks.

CDK Global is a software-as-a-service (SaaS) provider offering a dealer management system (DMS) for day-to-day processing. The DMS is used for stocking vehicles, ordering services or parts, deliveries, inventory, accounting, and the customer relationship management (CRM) system. 

Penske Automotive Group and Sonic Automotive, which announced the disruption of their services, are among the affected client companies, but Asbury, AutoNation, Group 1, Lithia, and Sonic chains are also on the list of impacted customers.

BlackSuit is a suspected rebrand of the Royal ransomware operation, which is believed to be the successor of the Conti cybercrime group of Russian and Eastern European threat actors. 

In June, BlackSuit allegedly published hundreds of sensitive police files stolen from the Kansas Police Department after the KCKPD refused to pay ransom.