Kia dealers, customers lose network access in ransomware attack

Posted on

Kia has reportedly been hit by a $ 20 million ransomware attack that disabled network services for both its dealers and customers subscribing to its connected UVO services. According to BleepingComputer, the attack bears DoppelPaymer’s signature.

There was an impact across the business, with some customers reporting that they could not purchase newly purchased cars because Kia dealers were unable to complete the transactions due to the associated outage. Owners also reported that the outage affects Kia’s affiliated UVO services, preventing them from accessing their apps and other functions.

Coldest day of the year and my #kia # uvo app not working. The server is not responding. Everyone is so happy that I have to start remotely, it never works. Now they want me to pay for an extension?

– JDRMTB (@ big2mo) February 13, 2021

Ransomware attacks are generally twofold. Once installed on a target’s system (often through phishing or some other form of social engineering), the program is usually programmed to encrypt and duplicate an organization’s data. This often excludes the victim from its own system, rendering it incapable of performing normal operations. If this alone is not enough to induce the victim organization to pay the hackers’ ransom, the attackers threaten to leak the stolen data, which may include private customer information, protected IP or other sensitive content.

“Since the end of August 2019, unidentified actors have used DoppelPaymer ransomware to encrypt data from victims in critical industries around the world, such as healthcare, emergency services and education, disrupting citizens’ access to services,” said the FBI in her DoppelPaymer letter.

Since its rise in June 2019, DoppelPaymer ransomware has infected a variety of industries and targets, with actors routinely demanding six- and seven-digit ransom in Bitcoin (BTC). Before infecting systems with ransomware, the actors’ exfiltration data had to be in extortion schemes and have held follow-up interviews with victims to further pressure them to pay ransom. “

Kia’s comment was relatively brief, only telling the outlets that it was “aware of IT malfunctions related to internal, dealer and customer-facing systems” and that the company was “working to resolve the issue and return to normal. business operations as soon as possible. “