Data security breach image by GData security breach image by G

Supplier News

CDK Global is said to have paid $25m crypto ransom to cyber-criminals after major hack

  • Dealerships across north America were crippled by cyber-attack on CDK Global platform
  • It’s now reckoned that the software provider paid $25m in cryptocurrency
  • CDK won’t comment but sources link it with transaction to ransomware account

Time 7:19 am, July 13, 2024

Dealer management system software provider CDK Global is believed to have paid hackers a $25m ransom.

Its platform was targeted last month by cyber-criminals, causing havoc for thousands of car dealers across north America by crippling their systems.

CDK wouldn’t comment but CNN, which broke the news about the cyber-attack, reports that a number of credible sources have told it that CDK now looks to have shelled out $25m (circa £19.3m) in cryptocurrency to the gang, believed to be based in eastern Europe.


Cryptocurrency payments can be shrouded in secrecy but data on the blockchain supporting those payments can still be revealing, since the blockchain system stores records of transactions using digital currencies.

CNN says Chris Janczewski, who heads global investigations at crypto-tracking firm TRM Labs, told it that on June 21 some 387 bitcoin — equal to circa $25m — was paid into a cryptocurrency account being controlled by hackers affiliated with the BlackSuit ransomware.

A week after that payment was made, CDK said it was bringing dealers back on to its system.


Janczewski didn’t say who sent that payment, however three other sources who have been monitoring the incident told CNN – on condition of anonymity because of the investigation’s sensitive nature – that the payment was made to affiliates of BlackSuit and that CDK was highly likely to have been the payment source.

The cryptocurrency account that sent the ransom is affiliated with a company that helps victims respond to ransom attacks, one source said, although they declined to name the firm.

CDK has been calling the attack a ‘cyber-incident’ when giving statements to reporters, but in a note to clients cited by CBS, the software provider called it a ‘cyber-ransom event’.

Some 15,000 car dealerships in the USA and Canada use CDK Global’s software, and many of them had to go back to using pen and paper to process sales and repairs.

Last week, CDK said that ‘substantially all’ of them were online to its core management system again.

Group 1 Automotive told how the attack had caused widespread disruption across its US operations. Its UK arm doesn’t use the CDK Global platform, so they weren’t affected.

Main image composite copyright © Blackball Media 2024

John Bowman's avatar

John has been with Car Dealer since 2013 after spending 25 years in the newspaper industry as a reporter then a sub-editor/assistant chief sub-editor on regional and national titles. John is chief sub-editor in the editorial department, working on Car Dealer, as well as handling social media.



More stories...

CMS Advert
Server 108