CDK Global allegedly paid a ransom to halt the ransomware attack that disrupted company operations, affecting a large number of North American car dealerships.
The attack on June 19 compromised CDK Global systems, which support thousands of vehicle dealerships across the country. CDK Global provides a variety of services, including customer relationship management, dealer management, financing and insurance, intelligence, network and communication, and retail.
In June, AutoNation reported to the US Securities and Exchange Commission (SEC) that the attack had impacted fundamental services such as sales, service, inventory, customer relationship management, and finance. Retail stores continued to operate in spite of this.
TRM Labs, a crypto forensics company, uncovered a 387 Bitcoin ($25 million) transaction into an account controlled by the BlackSuit ransomware group. This is the same group who attacked Octapharma Plasma in April. The Bitcoins appear to have been sent through a company specializing in dealing with cyber-ransom requests rather than CDK directly.
After the incident, the ransom was paid in just two days. This suggests that CDK global acted swiftly as agreed to stop the extortionists from disclosing stolen information and to stop their activities.
CDK then required many days to rebuild and restore services, potentially using backups and requiring information from encrypted systems, which delayed the recovery process.
Nevertheless, the incident’s impact to the business as a whole makes the $25 million ransom insignificant. According to estimates from Anderson Economic Group, dealers suffered financial losses in the first two weeks of the closure totalling more than $600 million—24 times the ransom amount.
Since it does not take into consideration things like reputational harm, unhappy customers, and legal repercussions, this estimate probably understates the true impact.
AutoNation said that there will be a negative effect on its earnings per share for the quarter ending June 30, 2024. Furthermore, the company expects additional expenses for recovery efforts after the ransomware attack.
BlackSuit, which is supposed to be a rebranding of the Royal ransomware operation, is said to have succeeded the Conti cybercrime group of Russian and Eastern European threat actors.
Law enforcement authorities worldwide discourage paying ransom demands since there is no guarantee of system repair or data protection. Furthermore, there is no guarantee that the same or different threat actors will not attack the company in the near future.
The Kansas City Police Department allegedly lost hundreds of confidential police files to BlackSuit in June when they refused to pay the ransom.
In February, a Chainalysis report revealed that, in spite of efforts by the US government to separate their financial ties, cybercriminals managed to extract a record $1.1 billion in ransom payments from victim organisations worldwide last year.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology, you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.