A ransomware group tied to a June cyberattack on CDK Global received over $25 million in Bitcoin, as reported by on-chain investigator ZachXBT.
Last month, CDK Global faced an attack that disrupted its software, affecting around 15,000 US car dealerships.
CDK Paid 387 BTC to End Cyberattack
According to ZachXBT, an address linked to BlackSuit received the 387 BTC payment on June 21. The funds were then transferred to several centralized exchanges. BlackSuit emerged in 2023 and has become a notable ransomware group targeting US companies.
This payment aligns with an earlier Bloomberg report stating that CDK Global planned to pay a ransom to prevent the public release of its data. The company had agreed to pay tens of millions to expedite its system recovery.
However, CDK has not confirmed whether the ransom was paid. Instead, it announced that nearly all of its 15,000 car dealership customers were back online last week.
Ransomware involves deploying malware that restricts access to computer systems or data and demanding ransom, usually in crypto, for its release. Blockchain analysis firm Chainalysis noted that payments from crypto-related ransomware attacks nearly doubled to more than $1 billion in 2023.
Crypto Ransomware Payments. Source: Chainalysis
The analytics company pointed out that one extortion group, named “cl0p,” made nearly $100 million in ransom payments during the period. The group exploited the file-sharing software MOVEit.
“The ransomware landscape is not only prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies…[There is] an increasing number of new players, attracted by the potential for high profits and lower barriers to entry,” Chainalysis commented.
Reports indicate that the group Black Basta extorted at least $107 million in Bitcoin. Many of these laundered ransom payments went to the sanctioned Russian crypto exchange Garantex. Notably, BeInCrypto also reported a Bitcoin ransomware attack that targeted hospitals across Romania in February, demanding 3.5 BTC as ransom.
These high-profile cases have led federal agencies, like the US Federal Bureau of Investigation (FBI), to issue several advisories about these malicious players.
“Regularly patch and update software and applications to their latest version and conduct regular vulnerability assessments,” the FBI advised.