Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang who has demanded a ransom of $20 million for a decryptor and to prevent leak of stolen data.
Kia Motors America (KMA) which is headquartered in Irvine, California is a Kia Motors Corporation subsidiary.
The company suffered a nationwide IT outage impacting their mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships.
The site displays a message stating that Kia is experiencing an IT service outage that has impacted some internal networks.
The company was aware of the IT outages and stated that they would resolve the issue and restore normal business operations as quickly as possible.
Kia was reportedly attacked by the DoppelPaymer ransomware. The ransom note contains a link to a private victim page on the DoppelPaymer Tor payment site that says that a “huge amount” of data was stolen, or exfiltrated, from Kia Motors America and that it will be released in 2-3 weeks if the company does not negotiate with the threat actors.
DoppelPaymer is infamous for stealing unencrypted files before encrypting devices and then posting portions on their data leak site to make the victims pay.
DoppelPaymer is demanding 404 bitcoins worth approximately $20 million in order to prevent the data leak and receive a decryptor. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.
The gang however did not specify what type of data has been stolen. However, Kia Motors America has also stated that they have not seen any evidence of having a “ransomware” attack.
Image Credits : Wink News