Kia Motors America has been hit by a ransomware attack with demands for a $27 million ransom to prevent a “huge amount” of data being released, according to a report.
Tech website BleepingComputer, which has obtained the ransom note, said in a report that Kia Motors America has been experiencing ongoing IT outages as a result of a ransomware attack by the DoppelPaymer gang.
Kia Motors America – which is minority-owned by Hyundai – is based in Irvine, California, and is a subsidiary of the Kia Motors Corporation. It has nearly 800 dealers around the United States and manufactures vehicles in Georgia.
The company has been suffering IT outages for several days now, with its mobile ‘Uvo’ apps, phone services, payment systems, owner’s portal and internal sites used by the dealers impacted.
A Twitter user also reported arriving at a Kia car dealership to pick up their new car but being told that the company’s servers were down due to a ransomware attack, and that they couldn’t pick up the vehicle.
Visitors to Kia Motors America’s website were met with a message confirming the outage.
“KMA is aware of IT outages involving internal, dealer and customer-facing systems, including Uvo,” the message said.
“We apologise for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible.”
According to the report, Kia Motors America was the victim of a ransomware attack by the DoppelPaymer gang, with a note demanding payment of $US20 million in bitcoin ($26.7 million).
“Your network has been hacked...your files, backups and shadow copies are unavailable until you pay for a decryption tool,” the note said.
“If no contact made in 3 business days after the infection, first portion of data will be shared to public...and all the rest will remain unreachable to you.”
The company was told to download and install the Tor Browser, copy in an address and make the payment in bitcoin.
The ransom note said that a “huge amount” of data was stolen, which will be released by the hackers in two or three weeks if the payment isn’t made.
The hackers are demanding 404 bitcoins, now worth about $US20 million, which will then increase to 600 bitcoins, worth $US30 million currently, if it isn’t made quickly.
In a statement, Kia Motors America denied it had suffered a “ransomware” attack.
“We are aware of online speculation that Kia is subject to a ‘ransomware’ attack’,” the company said.
“At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.”
It’s another in a series of recent high-profile ransomware attacks, including several on Australian companies.
These include logistics company Toll, which was hit by a sustained cyber-attack early last year which resulted in the hackers dumping data on the dark web, with information including personal data of current and former employees.
Camera giant Canon was also hit with a ransomware attack late last year which saw 10 terabytes of data stolen and the hackers also demanding a ransom.
Earlier this year, European law enforcement successfully brought down infamous botnet Emotet as part of an international campaign against the malware, which was often used by hackers to drop ransomware.