Earlier this week, Bleeping Computer reported that the American division of Kia Motors (Kia Motors America) had serious problems in operation, now it has become clear that Kia Motors suffered from the DoppelPaymer ransomware attack.
The massive disruption affected telephone services, payment systems, a portal for car owners, as well as internal sites used by dealerships.
Shortly thereafter, the publication learned that Kia Motors had suffered from a ransomware attack. For example, a user wrote on Twitter that he came to the dealership to pick up a new car, but there he was told that all the servers were down due to a ransomware attack.
The outage also affected the company’s mobile apps such as Kia Access with UVO Link, UVO eServices and Kia Connect.
Also at the disposal of Bleeping Computer was the ransomware note, where they demand a ransom. This message appears to have been created by the DoppelPaymer operators, but they claim to have attacked Hyundai Motor America, Kia’s parent company. That being said, Hyundai does not appear to have suffered from this attack.
The message contains a link to the cybercriminals’ darknet site, where victims are asked to pay a ransom. The site also clearly shows that it is addressed to representatives of Hyundai Motor America. Although on this page it is said that during the attack, “a huge amount” of data was stolen from Kia Motors America and it will be published in the public domain in 2-3 weeks if the company does not negotiate and pay the ransom.
According to the website, DoppelPaymer operators demanded 404 bitcoins (about $20,000,000) from the company. If the ransom is not paid within 10 days, the amount increases to 600 bitcoins (about $30,000,000).
However, representatives of Kia Motors America told the publication that they do not yet have any evidence that the company was affected by the ransomware attack. Allegedly, at the present time, Kia specialists are simply fixing some “long-lasting system failure.”
Let me remind you that I wrote that according to the FBI: DoppelPaymer operators threaten and harass their victims.