Car dealer software slinger CDK Global said to have paid $25M ransom after cyberattack

CDK Global reportedly paid a $25 million ransom in Bitcoin after its servers were knocked offline by crippling ransomware. Last week, CDK restored services to car dealerships across the US after a two-week outage caused by a "cyber incident" that looked a lot like a ransomware infection. The shutdown of CDK's software platform …

  1. ecofeco Silver badge

    There are no good guys in this story

    A pox on both their houses.

  2. redpawn

    Ensuring the Future

    will be like the past.

  3. David 132 Silver badge

    Paying ransoms - cyber or traditional - should be illegal.

    CDK have taken the coward's way out, paying the Danegeld and emboldening the ransomware scum. The next company attacked by those vermin will be ever so grateful to CDK for validating the business model, I'm sure.

    Paying ransoms should be made illegal, under any circumstances. With extremely stiff criminal sanctions for any corporate officers found doing so.

    1. Mike007 Bronze badge

      Re: Paying ransoms - cyber or traditional - should be illegal.

      Why is "funding cyber attacks" not already illegal?

      Do you think that money is going to be invested in medical services for third world countries?

      I would love for their next victim to find evidence that the attack against them was "sponsored and funded" by CDK and file a lawsuit... Not sure what the court would say, but someone needs to try it.

    2. vtcodger Silver badge

      Re: Paying ransoms - cyber or traditional - should be illegal.

      "For every complex problem there is an answer that is clear, simple, and wrong." H. L. Mencken

      There are a plethora of reasons that making ransomware payments illegal is probably an RBI (Really Bad Idea). For starters, it would probably be a dandy way to drive most of a country's larger businesses to some off-shore haven with less draconian laws. Why would any remotely sane corporate officer stick around in a place where they are likely to be confronted any day now with the choice of shutting down the business or going to jail?

      What's an alternative clear, simple, and probably wrong idea? De-anonymize cryptocurrency. Require all crypto owners to register their "coins". Require every coin to be reported to a national authority within 15 days of being minted and require every transaction to be reported to the appropriate authorities within 48 hours. (Or better yet, do as China has done and just make the stuff illegal.). Why won't that work? For one thing, an illegal trade in unregistered cryptocoins will surely exist as long as some folks think the stuff actually has value. For another, most ransomware actors don't appear to be especially dumb. They'll come up with some other way to get anonymous payments.

      1. druck Silver badge

        Re: Paying ransoms - cyber or traditional - should be illegal.

        Even simpler and not wrong, is ban the only viable means of ransomware payment - cryptocurrencies.

    3. Phil Kingston

      Re: Paying ransoms - cyber or traditional - should be illegal.

      In Australia it is. We won't put up with that shit.

  4. Tomi Tank

    terrible news, but can it understand the off-side rule

    Just pay it and shut up, 'cause Football's coming home in the next 2 days and the three lions on my shirt are roaring.

    After we win, it might be a good idea to fire up the Empire again.

    1. Bendacious Silver badge

      Re: terrible news, but can it understand the off-side rule

      I'd just like to apologise for my drunk countryman. Supermarket lager and an inferiority complex can cause embarrassing outbursts. Sorry about that.

      1. IGotOut Silver badge

        Re: terrible news, but can it understand the off-side rule

        Just point out the last time England won the World Cup will soon be closer to Queen Victoria's reign than current times.

  5. Michael Hoffmann Silver badge

    A security audit would be interesting, specifically in: how much would it have cost you if you'd invested properly into security. Instead of, as is generally the case, considering it a cost centre that is the first slashed when the profit figures that determine annual exec bonuses are due?

    No, not the latest silver bullet the <security vendor> promised you during the promotional round of golf. Or another mob of "consultants" from some Big 4 firm. Actual trained, motivated and well-paid professionals with the tools *they* would have chosen!

    1. vtcodger Silver badge

      Not a bad idea, but ...

      Not that regular security audits would be a bad idea for every business with significant on-line components (most everybody nowadays?). But there is one minor problem. We've spent three decades building a digital communications/interoperability framework that is wildly insecure. It seems likely to me that trying to paste a framework of security best practices on top of that is probably more cosmetic than realistic. But even Potemkin security might help a bit at times even though it's not likely to do wonders for usability.

  6. t245t Silver badge

    BlackSuit “supports” Linux operating systems :o

    How Does BlackSuit Ransomware Work?

    The group emerged with payloads that support both Windows and Linux operating systems. Payloads are delivered via phishing email or third party framework (e.g., Empire, Metasploit, Cobalt Strike). The use of malicious torrent files has also been observed as a delivery vector for BlackSuit ransomware.

    1. David 132 Silver badge

      Re: BlackSuit “supports” Linux operating systems :o

      On Gentoo, of course, it gets delivered to the victim as sourcefiles that they have to compile themselves.

  7. Harryhendo

    It would be interesting to know what OS was compromised. My guess is Windows Server. It would help others to know the OS. If, for example, 98% of the ransomware attacks are against Windows, one could use that to make a case for migrating off Windows.

  8. Frank Bitterlich

    "Still, $25 million is apparently nothing to the industry-wide damages that this incident caused."

    Keeping in mind that these $25M are being used to finance the crooks and their operations, allowing them to hire even more talented hackers, and also being huge advertising for cybercrime, with its "crime pays" message, I think the total bang-for-the-buck ratio of these $25M is several magnitudes higher.

    And that's the problem: by paying $25M, the company saved a few million in costs compared to other scenarios, but caused damage that is ten to a hundred times higher to future victims. And I think they should be liable for this. I'd like to see a class-action lawsuit from future cyber-attack victims against companies that are willing to finance criminals just to keep the cost and consequences of failing to secure their own systems lower. And I'd like to see a smart AG open a case showing how paying ransoms like this constitutes "material support" of criminal organisations.

    All in all it should be more expensive for corporations to pay the ransom than not to. That's the only way to stop this.

    I'll keep dreaming.
