Kia Motors Claims Massive Systems Outage Was Not Caused By a Ransomware Attack

essidsolutions

Kia Motors America’s online services, such as Kia Owners Portal, customer self-help services, Kia Access with UVO Link, UVO eServices, & Kia Connect apps, were recently affected by a massive systems outage. The company, however, has stressed that the outage was not caused by a ransomware attack.

Days after a significant nationwide outage impacted Kia Motors America’s online services like Kia Owners Portal, customer self-help services, Kia Access with UVO Link, UVO eServices, & Kia Connect apps, it has now come to light that the outage reportedly occurred due to a powerful DoppelPaymer ransomware attack on Kia’s servers.

BleepingComputer recently accessed a ransom note addressed to Hyundai Motor America, Kia’s parent company, which claimed that the DoppelPaymer ransomware group carried out the ransomware attack.


DoppelPaymer Ransom Note for Kia Motors America/Hyundai Motor America | Source: BleepingComputer


As per the ransom note, the DoppelPaymer group encrypted Kia Motors America (KMA) systems and data and exfiltrated vast amounts of data from the company’s servers. Encrypting systems and stealing data before demanding payment is consistent with the group’s preferred operating tactic, which it has employed several times in the past year.

Through the ransom note, the DoppelPaymer group has instructed Kia Motors to fork out 404 bitcoins, equivalent to $20 million, to obtain a decryptor to regain access to its encrypted data. If the company fails to honor the ransom demand within a specified time, not only will the hacker group release stolen data, it will also increase the ransom demand to 600 bitcoins, which roughly equates to $27.71 million.

Neither the Seoul-based car manufacturer nor KMA, its American subsidiary, has acknowledged the attack thus far. In a statement shared with BleepingComputer, Kia Motors America, which operates through around 800 dealerships in the US, said that even though the system outage did take place, there is no evidence to suggest a ransomware attack caused it.

“Kia Motors America, Inc. (‘Kia’) is currently experiencing an extended systems outage. Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers, and are working to resolve the issue as quickly as possible with minimal interruption to our business.

“We are also aware of online speculation that Kia is subject to a ‘ransomware’ attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack,” the company said.

“There are still no details shared from Kia on the source of the outage, declaring that it was a general network issue and not ransomware related. However, DoppelPaymer is still actively declaring that they have Kia’s data under ransom. The lack of communication from Kia on another cause of the outage is concerning and does not build great credibility to users that their data is truly safe,” said Kevin Dunne, President at application governance company Greenlight, to TechRepublic.

DoppelPaymer is similar to the BitPaymer ransomware in terms of code, ransom notes, and the use of a payment portal. As per Trend Micro’s research, the ransomware gang usually relies on spear-phishing links or attachments sent via malicious emails to infiltrate networks. The links/attachments are “designed to lure unsuspecting users into executing malicious code that is usually disguised as a genuine document.”

According to Erich Kron, Security Awareness Advocate at KnowBe4, like so many modern types of ransomware, DoppelPaymer cripples the organization’s ability to conduct business and extracts sensitive data to blackmail victims to get them to pay the ransom.

“In this case, the attack has impacted many significant IT systems, including those needed for customers to take delivery of their newly-purchased vehicles. This could cost the organization a considerable amount of money and reputational damage with current and potential customers.

“DoppelPaymer, like most other ransomware strains, is generally spread through phishing emails, so organizations should ensure employees are trained to spot and report the suspicious emails that could potentially be used to attack them. Combining ongoing training and regularly scheduled simulated phishing tests is extremely effective in preparing employees to defend against these types of attacks,” he added.

The DoppelPaymer ransomware group’s victims include Delaware County; Torrance, CA; Newcastle University; Hall County, GA; Taiwanese electronics manufacturer Foxconn; a South African supply chain company; and others.

How to Protect Your Systems and Data from DoppelPaymer Attacks

  • Do not open unverified emails and do not click on any embedded links or attachments
  • Perform application and software updates as soon as they’re available
  • Monitor all network traffic for any discrepancies
  • Perform regular backups; this is useful to eliminate downtime costs
  • Implement 2FA
  • Perform regular audits of all user accounts
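The third item above, network-traffic monitoring, is the one that speaks directly to the data exfiltration the ransom note describes. The following is an added example, not code from the article, Kia or Hyundai: a Python check over constructed flow-log records that flags any host whose daily outbound volume to external addresses jumps well above that host’s own recent baseline, and lists the destinations it had never contacted during the baseline window. Every host, address (RFC 5737 documentation ranges), date and byte count is constructed sample data, and the thresholds (5× baseline, 10 MB floor) are assumptions to be tuned per environment.

```python
"""Egress-volume anomaly check over constructed flow-log records.

Added example, not from the article or from Kia/Hyundai. One concrete way to
act on "monitor all network traffic for any discrepancies": ransomware crews
pull large volumes of data out before encrypting, so a sudden jump in bytes
sent to previously unseen external destinations is worth an alert.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean

# Internal address space as assumed for this example (RFC 1918 plus loopback).
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


@dataclass(frozen=True)
class Flow:
    day: str        # ISO date on which the flow was observed
    src: str        # internal source host
    dst: str        # destination IP
    bytes_out: int  # bytes sent from src to dst


def is_external(ip: str) -> bool:
    """True when the destination lies outside the internal ranges above."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Sum outbound bytes to external destinations per (host, day)."""
    totals = defaultdict(int)
    for f in flows:
        if is_external(f.dst):
            totals[(f.src, f.day)] += f.bytes_out
    return totals


def find_egress_anomalies(flows, baseline_days, target_day,
                          factor=5.0, min_bytes=10_000_000):
    """Flag hosts whose egress on target_day exceeds factor x their baseline mean.

    min_bytes keeps quiet hosts (baseline near zero) from alerting on noise.
    Returns {host: {"baseline": mean_bytes, "observed": bytes, "new_dsts": [...]}}.
    """
    totals = daily_egress(flows)
    known_dsts = defaultdict(set)  # destinations each host used in the baseline
    for f in flows:
        if f.day in baseline_days and is_external(f.dst):
            known_dsts[f.src].add(f.dst)

    anomalies = {}
    for host in sorted({f.src for f in flows}):
        baseline = mean(totals.get((host, d), 0) for d in baseline_days)
        observed = totals.get((host, target_day), 0)
        if observed >= min_bytes and observed > factor * max(baseline, 1):
            new_dsts = sorted({f.dst for f in flows
                               if f.src == host and f.day == target_day
                               and is_external(f.dst)
                               and f.dst not in known_dsts[host]})
            anomalies[host] = {"baseline": baseline, "observed": observed,
                               "new_dsts": new_dsts}
    return anomalies


# Constructed sample data: three quiet days, then one day with a 60 MB
# transfer from 10.0.0.5 to an address it had never contacted before.
BASELINE_DAYS = ["2021-02-10", "2021-02-11", "2021-02-12"]
TARGET_DAY = "2021-02-13"
SAMPLE_FLOWS = [
    # 10.0.0.5: a workstation syncing ~2 MB/day to one external service
    *[Flow(d, "10.0.0.5", "203.0.113.10", 2_000_000) for d in BASELINE_DAYS],
    Flow(TARGET_DAY, "10.0.0.5", "203.0.113.10", 2_000_000),
    Flow(TARGET_DAY, "10.0.0.5", "198.51.100.77", 60_000_000),   # the anomaly
    # 10.0.0.9: a build server that is always busy; a modest rise is normal
    *[Flow(d, "10.0.0.9", "203.0.113.20", 30_000_000) for d in BASELINE_DAYS],
    Flow(TARGET_DAY, "10.0.0.9", "203.0.113.20", 35_000_000),
    # 10.0.0.12: internal-only traffic, then a small first external flow
    *[Flow(d, "10.0.0.12", "10.0.0.50", 5_000_000) for d in BASELINE_DAYS],
    Flow(TARGET_DAY, "10.0.0.12", "198.51.100.5", 500_000),
]

if __name__ == "__main__":
    for host, info in find_egress_anomalies(SAMPLE_FLOWS, BASELINE_DAYS, TARGET_DAY).items():
        print(f"ALERT {host}: {info['observed']:,} B out vs baseline "
              f"{info['baseline']:,.0f} B; new destinations {info['new_dsts']}")
```

Only 10.0.0.5 is reported: the build server stays under 5× its own baseline, and the workstation with its first 500 KB external flow stays under the byte floor. Comparing each host against itself rather than against a fleet-wide average is what lets a normally busy server and a normally quiet desktop share one rule.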
