Kia Motors America (KMA) says that it has seen no evidence of having suffered a ransomware attack, but apologized to customers for an extended systems outage, which the car maker said it was working to resolve as quickly as possible with minimal disruption to business.
On Wednesday, BleepingComputer reported that KMA had been struck by a ransomware attack from the DoppelPaymer gang, which is allegedly demanding 404 bitcoins, worth around US$20 million, in exchange for not leaking stolen data. If the ransom was not paid within a specific time frame, that amount would increase to 600 bitcoins, or $30 million, it added.
The gang is said to have accessed only Kia’s computer networks and did not touch the servers of parent company Hyundai, the site reported.
In a statement shared with BleepingComputer, KMA stated that they have seen no evidence that they have suffered a “ransomware” attack. At this time, “we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack,” KMA said in its statement.
The car maker confirmed that it was experiencing an extended systems outage. “Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers, and are working to resolve the issue as quickly as possible with minimal interruption to our business,” the statement added.
A Kia Motors Corporation subsidiary based in Irvine, California, KMA is said to have suffered a nationwide IT outage that affected its mobile UVO Link apps, phone services, payment systems, owner’s portal, and internal sites used by dealerships. When visiting these sites, users are faced with a message stating that Kia is “experiencing an IT service outage that has impacted some internal networks.”
The outage is believed to have started Saturday when the Kia Owners Portal went offline, and started to display an error message stating that Kia was “experiencing an IT service outage that has impacted some internal networks.” The company’s phone self-help services are also impacted, with the customer support numbers stating that they have server issues that may affect their ability to help customers.
Weighing in on the KMA incident, Purandar Das, CEO and co-founder of Sotero Software, points out that while the focus is on recovering the stolen data, minimizing customer exposure, and restoring normal operation, as it rightfully should be, companies ought to start revisiting their security approaches. In addition, enterprises must start by making the data useless when stolen. “That eliminates a big part of the leverage the criminals have. The data is just as valuable as the operational aspects of the system that are affected,” Das points out in an emailed statement.
He further suggests that adopting newer encryption technologies that keep data encrypted even while in use is a must, and that enabling secure backups of operational systems with fast recovery paths is another. “Layering on more security products is not a viable or scalable solution,” Das added.
“Companies like Kawasaki, Kia yesterday and SolarWinds in December, are negligent for not adopting a proactive approach to internet facing and connected security. Only to then discover, at a later date, they have been breached. They will get all the attention the internet offers, but for the wrong reasons,” Andy Jenkinson, chief executive of UK-based Cybersec Innovation Partners, a company that does PKI discovery, wrote in a LinkedIn message.
Maker of motorcycles, heavy equipment, engines, ships, rolling stock, and aerospace and defense equipment, Kawasaki Heavy Industries confirmed in December that information from its overseas offices might have been stolen following a security breach that occurred earlier last year. After an investigation into the breach, Kawasaki found that the unauthorized access spanned multiple offices.