
CDK Pays $25M to Ransomware Group Blacksuit

By Olivier Acuña | TH3FUS3 Chief Editor

July 15, 2024 11:37 AM

Reading time: 1 minute, 55 seconds

TL;DR CDK Global paid over $25 million in Bitcoin to ransomware group BlackSuit after a June cyberattack. The attack disrupted software for 15,000 US car dealerships. Funds were quickly moved to centralized exchanges.

On-Chain Data Unveiled

On-chain data shows that the BTC from CDK's ransomware payment was immediately moved to centralized exchanges. Moving funds this quickly is a common tactic cybercriminals use to obscure the money trail and complicate recovery efforts.

The Attack on CDK Global

Last month, CDK Global faced a significant cyberattack. This attack disrupted its software systems, affecting around 15,000 car dealerships across the United States. The ransomware group BlackSuit is believed to be behind this attack.

$25 Million Bitcoin Ransom

According to on-chain investigator ZachXBT, an address linked to BlackSuit received a hefty payment of 387 BTC, approximately $25 million, on June 21. The funds were then transferred to multiple centralized exchanges. BlackSuit emerged in 2023 and has quickly become a notable ransomware group targeting US companies.

"The ransomware landscape is prolific but continually expanding, making it challenging to monitor every incident or trace all ransom payments made in cryptocurrencies," commented blockchain analysis firm Chainalysis.

Ransom Payment and Recovery

This payment corroborates an earlier Bloomberg report suggesting that CDK Global intended to pay a ransom to prevent the public release of its data. The company had reportedly agreed to pay tens of millions to expedite its system recovery.

However, CDK has not officially confirmed whether the ransom was paid. Instead, it announced last week that nearly all its 15,000 car dealership customers were back online.

The Growing Threat of Ransomware

Ransomware involves deploying malware to restrict victims' access to computer systems or data and demanding a ransom, usually in cryptocurrency, for its release. According to blockchain analysis firm Chainalysis, payments from crypto-related ransomware attacks nearly doubled to over $1 billion in 2023.

During this period, one extortion group named "cl0p" exploited the file-sharing software MOVEit to collect nearly $100 million in ransom payments.

Reports also indicate that another group, Black Basta, extorted at least $107 million in Bitcoin. A large share of these laundered ransom payments went to the sanctioned Russian crypto exchange Garantex.

BeInCrypto reported a Bitcoin ransomware attack targeting hospitals across Romania in February, demanding 3.5 BTC as ransom.

Advisory From Federal Agencies

These high-profile cases have prompted federal agencies, like the US Federal Bureau of Investigation (FBI), to issue several advisories about these malicious players.

"Regularly patch and update software and applications to their latest version and conduct regular vulnerability assessments," the FBI advised.
