Is it or Is it Not Ransomware? Kia Denies Ransomware Attack

Last week, it was reported that Kia Motors America and Hyundai Motors America suffered some unexplained outages across their network. Initial reports show the outage affected Kia’s mobile UVO Link apps, phone services, payment systems, owner portal, and internal websites used by dealerships.

BleepingComputer released an article on February 17th stating that they had received a copy of the ransomware note sent to Hyundai (parent company of Kia) by the DoppelPaymer ransomware gang. BleepingComputer has published a copy of the note, which states a demand for 404 bitcoins, worth approximately $20 million. If the ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million. Other well-known victims attacked by DoppelPaymer in the past include Foxconn, Compal, PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne Télécom.

Despite the leaked note and the rumours among customers, both Kia and Hyundai are denying that they have suffered a ransomware attack. Kia says: “Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational. We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24–48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience. We are aware of online speculation that Kia is subject to a ransomware attack. At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

Similarly, Hyundai told BleepingComputer that they have no evidence of a “ransomware” attack: “At this time, we can confirm that we have no evidence of Hyundai Motor America’s involvement in a “ransomware” attack.”

At this point, it is uncertain whether Hyundai and Kia are the victims of a cyber attack or are simply suffering a random IT issue. If it is a cyber attack, why deny it? There is always a risk that consumers will lose trust after a breach; however, consumers will really lose confidence if it is found out that there was a breach and the company lied about it. The best course of action if you are breached is to come forward. Warn consumers that their data could be at risk and tell them the steps they need to take to protect it. Let the authorities and cyber experts know what type of attack you were hit with, so that it can be better prevented from happening to you or someone else again. If you try to hide the fact that you did indeed suffer a breach, consumers will lose faith in the products and services you provide.