Thus far, it appears that just Kia in the US is impacted by the cyber attack
Reports in the US suggest that Kia’s US business unit is experiencing a massive IT outage in what could be a ransomware attack.
The reports suggest Kia is the victim of a ransomware attack by the so-called ‘DoppelPaymer Gang’ demanding $20 million.
Kia’s US operations are suffering a nationwide IT outage that is impacting many systems, including sites used by its dealerships.
The Bleeping Computer IT security website said it has obtained a ransom note reputedly from the DoppelPaymer Gang stating that they have hacked into the systems of Hyundai Motor America, although only Kia seems to be impacted.
According to the Bleeping Computer report, the ransom note contains a link to a private victim page on the DoppelPaymer Tor payment site and says that a ‘huge amount of data’ was stolen, or exfiltrated, from Kia Motors America and that it will be released in 2-3 weeks if the company does not negotiate.
The DoppelPaymer Gang is one of a group of ransomware gangs that operate leak sites where they publish data from companies that refuse to pay the ransom. In many cases, companies ignore these threats and choose to restore from backups, but some companies choose to pay in order to prevent sensitive information being released online.
The US FBI said in December that the DoppelPaymer Gang has also resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.
Commenting on the Kia news, cybersecurity expert Trevor Morgan, product manager at security company comforte AG, said: “The very recent ransomware attack on Kia Motors America demonstrates just how important it is for every organization to rethink data security. Threatened with an imminent leak of stolen data, Kia must now assess just how much sensitive information might be released if they don’t meet the terms of the threat actors. Hopefully they are able to navigate this situation effectively with minimal damage.
“The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as an enterprise might find themselves in the same boat without the proper data-centric approach.”