A ransomware attack by DoppelPaymer was reportedly experienced by Kia Motors America, headquartered in Irvine, California. The company has about 800 dealers in the U.S. and cars/SUVs manufactured out of Georgia.
According to a BleepingComputer post, the ransom demand is huge. “To prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.”
DoppelPaymer is identified for hacking unencrypted files before encrypting devices. After stealing the information, the group then uploads parts on its data breach platform to further threaten victims into paying.
BleepingComputer reported that Kia Motors America suffered a national IT outage affecting its servers, self-payment services, dealer platforms, and phone support system. Employees of Kia told BleepingComputer that this was a nationwide outage that began on February 23, Saturday.
A day after the report, BleepingComputer acquired a ransom note created by the DoppelPaymer ransomware gang during an alleged Kia Motors America cyberattack. The attackers said that they had attacked Hyundai Motor America, the parent company of Kia. However, Hyundai did not seem to be affected by the cyberattack.
Regarding the issue, Kia Motors America stated, “Kia Motors America, Inc. (“Kia”) is currently experiencing an extended systems outage. Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers, and are working to resolve the issue as quickly as possible with minimal interruption to our business.”
“We are also aware of online speculation that Kia is subject to a ‘ransomware’ attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack,” Kia added.
Cybereason Chief Security Officer Sam Curry said that the ransomware attack that brought down the operations of Kia Motors is just the latest case of a financial cybercrime being committed against a big organization.
Curry said, “Every minute that their operations are incapacitated costs companies millions of dollars in lost business.”
“It cannot be understated how important it is for companies like Kia to be open and transparent about the specific facts surrounding their particular cyberattack. Our industry can then quickly dissect the nature of the attack and prevent this type of system intrusion from happening to other companies,” he added.