DoppelPaymer ransomware group demands $20 Million from Kia Motors America

On February 13^th, 2021, Kia Motors America experienced a ransomware attack by the DoppelPaymer ransomware group which led to outages over their nationwide network. The effect of the attack was noticed when customers discovered the Kia Owners Portal was offline and displayed an error message that said:   

“We are currently experiencing an IT service outage that has impacted some internal networks. Our customers are our top priority, and we are working to resolve the issue quickly.”

The result of the attack was the outage affected its Mobile UVO link apps, payment services, phone services, owner portal, and dealerships’ internal systems. This meant customers were not able to contact Kia Motors America for support and dealerships had to turn away buyers.

Kia Motors America acknowledge that they had been attacked and that it had led to the outage but would not disclose any other details about the outage or who was responsible for it.

“KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.”

On February 17^th, 2021, the Technology news website Bleeping Computer received what appeared to be a ransom note from the DoppelPaymer ransomware group stated that the gang had successfully attacked Kia’s parent company, Hyundai Motor America. The ransom note contained a link to a private victim page on the DoppelPaymer Tor payment site which stated that a huge amount of data was stolen from Kia Motors America and that it will be released in 2-3 weeks if the company does not negotiate with the threat actors and pay their demand of 404 BTC (worth more than $20 million at the time of the attack).

The group also tried to coerce Kia Motors America to pay within the deadline of 2-3 weeks or they would raise the ransom demand to 600 BTC (worth more than $31 million at the time of the attack). But Kia Motors America released a statement that stated they had found no evidence of a ransomware attack having affected its systems or Kia’s data.

“We are also aware of online speculation that Kia is subject to a “ransomware” attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a “ransomware” attack.”