Bleeping Computer recently reported, with corresponding evidence, that Kia Motors America was under a ransomware attack. The culprit was deemed to be DoppelPaymer, a notorious ransomware variant that has affected targets like the City of Torrance in California and Newcastle University. Bleeping Computer based its conclusions on three key pieces of evidence. First, a tweet from a disgruntled Kia customer stated the following:
@Kia I went to the Kia dealership in Arizona and signed a new lease, yet the manager told me your computers have been down for 3 days due to Ransomware and has affected Kia all over the USA. Can’t get my car for ???? Now what?
— Amybean (@amylee62) February 16, 2021
The second piece of evidence was that Kia Motors America placed the following statement on their website:
KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.
Third, and most notably, the final piece of this puzzle comes via the DoppelPaymer gang themselves. As a coercion tactic, DoppelPaymer has placed their demands in a ransom note on a website they use to leak files if ransoms are not paid. The criminals are demanding roughly $20 million in Bitcoin, an amount that will increase by $10 million if the payment is refused. The website shows that the attackers targeted Hyundai Motor America (Hyundai owns Kia) and that they will destroy and leak data if the ransom is not paid.
Kia Motors America has put out a statement to Bleeping Computer denying the situation as it has been reported:
Kia Motors America, Inc. (“Kia”) is currently experiencing an extended systems outage. Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers, and are working to resolve the issue as quickly as possible with minimal interruption to our business. We are also aware of online speculation that Kia is subject to a “ransomware” attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a “ransomware” attack.
Furthermore, it appears that Hyundai is also experiencing outages: Bleeping Computer was contacted by numerous anonymous employees complaining of an outage. This forced the company to release a statement as well, which reads:
At this time, we can confirm that we have no evidence of Hyundai Motor America’s involvement in a “ransomware” attack.
This is a rapidly developing story, but the corporate actions up to this point seem odd. If they don’t wish to delve into specifics because it is an ongoing investigation, fair enough. To act like this is some regular outage, however, isn’t an intelligent move. It’s clear that Kia is facing some sort of incident, perhaps even ransomware, and they won’t get help if they keep the situation completely internal. DoppelPaymer is far too powerful to not bring in outside resources.