On-chain sleuth ZachXBT has revealed that CDK Global paid hackers about $25 million worth of Bitcoin to resolve a major cyberattack. The software provider for car dealerships in North America suffered the breach a few weeks ago, and it affected more than 15,000 car dealerships in the US.

The company later announced that its service is fully back online. Although it did not disclose how it fixed the issue, on-chain data has now shown that it opted to pay the ransom.

Over 387 Bitcoin were transferred to BlackSuit

According to on-chain data shared by ZachXBT, CDK Global transferred 387.367 BTC worth approximately $25 million to bc1q0c on June 21. This address is reportedly controlled by hackers affiliated with the notorious ransomware group BlackSuit. Following the transfer, the hackers moved the funds to centralized exchanges.

Other on-chain intelligence analysts also back up these claims. CNN reported that blockchain intelligence platform TRM Labs also confirmed the transaction. Interestingly, CDK did not send the funds directly to the attackers. Instead, it used the services of a firm that specializes in dealing with ransomware demands.

Meanwhile, there is speculation over why CDK waited a whole week after making the payment before restarting its service, especially given that it paid off the attackers quickly. The company likely wanted to boost its security systems and tidy up loose ends before resuming operations.

CDK has not issued any public statement to confirm the payment, although an earlier report suggested that it was considering meeting the attackers’ multimillion-dollar demand. Still, the amount paid as ransom appears to be a fraction of the financial impact of the incident.

Is crypto-related ransomware making a comeback?

Ransomware demands for payment in cryptocurrencies are not new, but this is the biggest such incident for these bad actors in 2024. The last major ransomware payment was in March, when Change Healthcare paid 350 BTC worth $22 million to the BlackCat or AlphV ransomware group.

Before then, crypto payments related to ransomware peaked at $1.1 billion in 2023, with victims ranging from major corporations such as Shell and British Airways to schools and hospitals. With the attackers deploying various approaches, several law enforcement agencies, including the FBI, have declared war on ransomware criminals.

Security expert Winston Ighodaro commented:

“Backing up your data offline and using good antivirus software helps prevent ransomware attacks most of the time, but that doesn’t help frequently, as attackers often threaten to upload victims’ confidential data onto the dark web, either for sale or for anyone who cares.”

Bitcoin ransom payments (Source: Chainalysis)

Incidents such as the recent attack on CDK Global show that the bad actors remain active, and cryptocurrencies are still one of their preferred means of payment. However, the public nature of blockchain networks means that it is easy to track their financial networks, which has helped law enforcement in the effort to bring down these bad actors.