
DopplePaymer Ransomware Gang Behind Kia Motors IT Outage?

Kia Motors has informed its users about an IT outage that has affected the company’s mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships in the U.S.


Kia Motors has quickly climbed the sales ladder in the U.S. It has captured the market across the country with gold-standard products like the Telluride, which was named the “2020 World Car of the Year.” Kia owes a large part of this success to its adoption of the latest technology. It offers great build quality, but it is the tech on offer that wows its customers: its connected car tech. The ability to interact with your car remotely and use functions like remote start and stop of the ignition, climate control, seat warming, and boot opening is stunning. But what happens when this goes down? It is an owner’s nightmare and the company’s embarrassment. This is what Kia is going through right now, because the company has announced a nationwide IT outage in the U.S.

Kia IT Outage a Ransomware Attack?

On February 13, several Kia customers complained that they were unable to use Kia’s official UVO mobile application for initiating remote commands.

Later, Kia put out an “IT service outage” notice on its website (refer to the image below) to assure its customers that services would be restored soon.

[Image: Kia Motors America IT service outage notice]
Image Credit: KIA Motors America

However, nearly five days later the services still appear to be down, and reports that surfaced recently suggest that Kia Motors America was attacked by the DopplePaymer ransomware gang. This may explain the delay in restoring services.

According to the reports, the ransom note was addressed to Hyundai Motors America, the parent company of Kia Motors. However, Hyundai Motors does not appear to be affected by this ransomware attack. The DopplePaymer gang claims to have stolen “sensitive data” and demands a ransom of 404 BTC (equivalent to $20 million) in exchange for the decryption key. The note carries a link to the gang’s TOR page, where a countdown timer marks a deadline; if the deadline is not met, the ransom rises to 600 BTC.

Speaking exclusively to CISO MAG, Purandar Das, CEO and Co-Founder of Sotero Software, said,

One more ransomware incident. While the focus is on recovering the stolen data, minimizing customer exposure, and restoring normal operation, as it rightfully should be, companies ought to start revisiting their security approaches.

There are two parts to this. One, start by making the data useless when stolen. That eliminates a big part of the leverage the criminals have. The data is just as valuable as the operational aspects of the system that are affected. The stolen data also causes long-term damage to innocent consumers who trust organizations to protect their data and privacy.

Adopting newer encryption technologies, which keep data encrypted even while in use, is a must. Second, enabling secure backups of operational systems with fast recovery paths is another. Layering on more security products is not a viable or scalable solution.

Don’t Pay the Ransom, It’s Illegal!

Ransomware is a growing plague and currently, there seems to be no antidote to it other than paying. However, paying the ransom is now illegal in the U.S. as per an advisory issued by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). Read more about it here!
