Kia Motors America experienced a system outage but denies it was caused by a ransomware attack.
Following reports that Kia was struck by DoppelPaymer ransomware, the carmaker issued a statement stating there was no evidence their systems suffered from an attack.
News of a ransomware attack first appeared after the company experienced a nationwide system outage earlier this week. It affected Kia’s phone services, payment systems, owner portal, mobile UVO Link apps, and internal sites used by dealers.
BeepingComputer shared an image of the ransom note from DoppelPaymer, the alleged ransomware gang, in which criminals demanded $20 million from Kia. The link in the note leads to a DoppelPaymer Tor payment site. According to the Tor page, a “huge amount” of data had been stolen from Kia Motors America, and that it will be made public in 2-3 weeks unless the company pays 404 bitcoins (approximately $20 million).
Although the ransom note states the target is Hyundai Motor America BeepingComputer believed it is Kia Motors that is the target of the criminals.
Trying to clarify the issue, BC contacted Kia Motors and received the following reply:
“KMA is aware of IT outages involving internal, dealer, and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.”
Following the Kia outage, numerous Hyundai and dealership employees reported that Hyundai was also affected by outages. Hyundai stated in a response to BC that multiple systems were down including the dealer site, hyundaidealer.com.
Hyundai also denied being a victim of an attack saying they “have no evidence of Hyundai Motor America’s involvement in a “ransomware” attack.”
Ransomware attacks have become a very popular way of illicit enrichment. In 2020, the US has been hit by an unprecedented and unrelenting barrage of ransomware attacks, according to the EMSISOFT 2020 “The State of Ransomware Report.”
This is a developing story.
