The ransomware group linked to a cyberattack on CDK Global in June reportedly received over $25 million in Bitcoin. The attack caused disruption to the software used by around 15,000 US car dealerships. The payment of 387 BTC was made to the group known as BlackSuit, which emerged in 2023 and has targeted various US companies. This aligns with a previous report that CDK Global planned to pay a ransom to prevent the release of its data, with the company agreeing to pay tens of millions to expedite its system recovery. However, CDK has not confirmed whether the ransom was paid, instead announcing that most of its car dealership customers were back online.
Ransomware attacks deploy malware that restricts access to computer systems or data, then demand a ransom, usually in cryptocurrency, to restore that access. Blockchain analysis firm Chainalysis reported that payments from crypto-related ransomware attacks nearly doubled to over $1 billion in 2023. A group named “cl0p” collected nearly $100 million in ransom payments during this period by exploiting file-sharing software. Chainalysis noted that the ransomware landscape is continually expanding, with an increasing number of new players attracted by the potential for high profits and lower barriers to entry.
Reports indicate that another group, Black Basta, extorted at least $107 million in Bitcoin, with some of the laundered ransom payments going to the sanctioned Russian crypto exchange, Garantex. In February, hospitals across Romania were targeted in a Bitcoin ransomware attack that demanded 3.5 BTC as ransom. These high-profile cases have prompted federal agencies like the US Federal Bureau of Investigation (FBI) to issue advisories about these malicious actors. The FBI recommended regularly patching and updating software and conducting vulnerability assessments to mitigate the risk of ransomware attacks.
Overall, ransomware attacks continue to pose a significant threat to organizations, with attackers increasingly demanding payments in cryptocurrency to release data or restore access to systems. The rise in ransom payments made through crypto highlights the lucrative nature of these attacks, with some groups collecting tens of millions of dollars in ransom payments. The evolving ransomware landscape presents challenges in monitoring and tracing ransom payments, as new players enter the scene attracted by the potential for high profits. Taking proactive measures such as regularly updating software and conducting vulnerability assessments is crucial in mitigating the risk of ransomware attacks and protecting against malicious actors seeking to extort organizations for financial gain.