CDK Global has reportedly paid a ransom, leading to the systems of as many as 15,000 US car dealerships being restored, according to sources speaking to media.
Last month, car dealership software provider CDK Global announced that it detected a cyber incident on its network, leading to many of its systems being taken offline.
“We are currently experiencing a cyber incident. Out of caution and concern for our customers, we have shut down a majority of our systems,” CDK spokesperson Lisa Finney said in a statement seen by media on 19 June.
Last week, CDK managed to restore services, and the outage appeared to have ended. While the company is yet to reveal just how it restored services, sources cited by US media giant CNN said the company seems to have forked out US$25 million in ransom to the BlackSuit ransomware gang.
According to Chris Janczewski, chief at crypto-tracking firm TRM Labs, speaking with CNN, 387 bitcoins, which equates to roughly $25 million, were transferred into an account owned by hackers connected with the BlackSuit ransomware gang.
While the source of the payment was not identified, other sources cited by CNN who wished to remain anonymous suggest that it was highly likely that CDK paid the 387 bitcoins. This is despite the account that sent the ransom payment not being owned by CDK but rather an account connected to an organisation known for helping ransomware victims deal with attacks, according to the source.
A week after the payment was made, CDK announced it was bringing car dealerships back online.
CDK is yet to comment on the claims that it paid the ransom, but it announced earlier this month that “substantially all” of its 15,000 car dealership clients were back online with its software.
“We are happy to report that we are ahead of the anticipated schedule,” said an automated message on the company’s customer care phone line.
That being said, a US SEC 8-K filing from 5 July suggests that some systems remain offline.
“Other affected systems, including the CRM and certain functions of the DMS, remain offline as the company continues to investigate and test such systems,” CDK said.