Kia Motors America Suffers $20 Million Ransomware Attack
Kia Motors America has thus far publicly acknowledged an “extended system outage,” but ransomware gang, DoppelPaymer, claims it has encrypted the company’s files in a cyberattack. DoppelPaymer has demanded a $20 million ransom payment to restore the company’s files and guarantees that the stolen data will be published to the gang’s leak site.
The ransom note from DoppelPaymer claims the attack was on Hyundai Motor America, the parent company of Kia Motors America. It went on to say that the company has two to three weeks to pay up 404 Bitcoins, which is around $20 million. To add a sense of urgency, the threat actors warn that a delay in payment could result in the ransom being raised to $30 million.
The outage affected Kia’s mobile apps like Kia Access with UVO Link, UVO eServices and Kia Connect, as well as self-help portals and customer support, Kia reported in a statement, adding, “We are also aware of online speculation that Kia is subject to a ‘ransomware” attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.”
Kia has since reported that the UVO app and owner’s portal are now operational and continued to stress that there is still no evidence of a ransomware attack.
This potential attack is part of a growing trend of ransomware groups attacking a company through a “double extortion” attack: if a company fails to pay the ransom, not only will their files remain encrypted and unusable, they will also be leaked to the general public. Even if the data is not published publicly, it will most likely be sold eventually or traded on the dark web.