Kia Becomes The Newest Victim of Ransomware

Just imagine, your family browses the lines of cars at your local car dealership, excited to make a new purchase.  After test driving numerous vehicles, you found it, the perfect vehicle.  When telling the salesman you are ready to buy and sign the papers, he tells you that his systems are down and can’t complete the transaction right now. However, can you imagine how disappointed you would be?  Unfortunately, Kia Motors America becomes the newest victim of ransomware.


Kia Motors America

Headquartered in Irvine, California, Kia Motors America owns nearly 800 car dealerships across the United States.  According to their website, they sold over eight million vehicles in the United States alone and recognized as one of the 100 Best Global Brands.  Additionally, Kia can proudly say that they manufacture vehicles at a site in West Point, Georgia.  

As a large vehicle manufacturing company with a name recognized around the world, Kia presents a juicy target for ransomware attackers.


The Attack

Unfortunately, Kia found themselves as a victim of the DopplePaymer ransomware.  DopplePaymer uses a leverage technique that is gaining popularity in ransomware attacks.  Essentially, before the ransomware encrypts and disables systems, it exfiltrates the organization’s unencrypted data.  Then, the attacker threatens to leak this data unless the organization pays up.

The attacker claims that they stole large amounts of data and will publicly release it, unless Kia pays within the 3 week time frame.

Additionally, the attacker demands 404 Bitcoins, or about $20 million dollars.  Furthermore, If not paid within that time frame, the ransom amount increases to 600 Bitcoins, or approximately $30 million dollars.

Here is the ransomware note, according to Bleeping Computer.

Source: Bleeping Computer


Aftermath for Kia

The attack halted sales in nearly 800 dealerships across the United States. DopplePaymer definitely crippled Kia’s infrastructure, finances, and daily routine.

Going into the future, Kia should expect to include this type of breach in future incident response and disaster recovery planning.  Additional security countermeasures should be implemented to deter future attacks and reduce the potential impact of a successful breach.