
After IT Outage, Carmakers Kia and Hyundai Say No Evidence of Ransomware Attack

Carmakers Kia and Hyundai, both owned by the South Korea-based Hyundai Motor Group, said they had found no evidence that the outages they suffered in the past week in the United States were the result of a ransomware attack.

Kia Motors America was the first to notify customers via its website that it had been experiencing an IT service outage impacting some of its systems, including internal, customer and dealer systems. Hyundai Motor America later also confirmed some disruptions, but appeared to be less impacted.

“Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational,” Kia told SecurityWeek in a statement on Thursday.

“We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience,” it added.

Reports have emerged about the outages being caused by a ransomware attack on Kia and Hyundai systems. One individual claimed on Twitter that a Kia dealership in Arizona had told her that computers had been down for three days due to ransomware.

However, Kia and Hyundai said they were not aware of any ransomware.

“We are aware of online speculation that Kia is subject to a ransomware attack,” Kia said in its emailed statement. “At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

BleepingComputer obtained a ransom note from a cybercrime group that uses the DoppelPaymer ransomware, claiming that they had managed not only to encrypt files but also to steal “all your private data.” The hackers reportedly want roughly $20 million in bitcoin to decrypt the data and not leak the stolen files — the amount goes up to $30 million if the ransom is not paid within a certain number of days.

SecurityWeek has checked the website where the DoppelPaymer hackers leak data from victims and post proof that they breached companies, but at the time of writing there is no mention of Hyundai or Kia.

It remains to be seen if the carmakers end up confirming being hit by ransomware or if the hackers start leaking data allegedly stolen from them. In some recent attacks, cybercriminals only stole data from victims, but did not encrypt their files, which could make the breach more difficult to detect. However, in this case the ransom note suggests that files have been encrypted, which would make the breach obvious.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.