CDK Global is back online after the car dealership software provider reportedly paid $25m ransom
Car dealerships across North America breathed a sigh of relief as CDK Global, a major provider of dealership management software, brought its systems back online last week. However, it came at a cost, with reports emerging that the company made a $25 million ransom payment.
Backstory: In mid-June, a cyberattack crippled CDK Global's systems, throwing car dealerships into chaos. Sales stalled, registrations were delayed, and basic operations were hampered for nearly two weeks. While CDK initially described it as a "cyber incident," reports later suggested a ransomware attack, where hackers encrypt data and demand payment for its release.
Almost 15,000 dealerships were affected, including the Asbury, AutoNation, Group 1, Lithia, and Sonic chains.
CDK pays ransom
Now, with services restored, new questions have emerged. Sources close to the investigation allege CDK paid a hefty $25 million ransom in Bitcoin to expedite the recovery. The company has yet to confirm or deny these reports, but the available evidence indicates they are true.
Crypto forensics firm TRM Labs says that it spotted the 387 Bitcoin transactions going into an account said to be controlled by criminals who deploy ransomware known as BlackSuit. The payment was made by a firm that specializes in dealing with cyber-ransom demands.
Experts have weighed in on the issue and, as always, their opinions are split. Some argue that paying ransomware demands sets a dangerous precedent and incentivizes further attacks. There’s also no guarantee that once the ransom is paid, the hackers will honor their promises.
On the other hand, the losses incurred by the business for every moment the systems are down often outweigh the ransom cost. For instance, Anderson Economic Group claims that the total financial damage to dealers in the first two weeks of the CDK shutdown is just over $600 million. That’s about 24 times the ransom. And that’s not considering other costs such as reputation damage and potential legal ramifications.
It’s a tough choice, and only time will tell if it was the right move by CDK. Meanwhile, the company is still in the process of restoring all its systems. In an SEC filing, one of the affected companies, Sonic, noted that other affected systems, including the CRM and certain functions of the DMS, remain offline as the company continues to investigate and test them.