Kia denies ransomware attack 'speculation' as it recovers from days-long outages

Hyundai was affected too, to a lesser degree

BOSTON — Kia Motors America says it’s restoring services crippled by a computer network outage that began Saturday and which apparently affected dealers’ ability to order vehicles and parts and knocked offline a smartphone app that owners use to remotely start and warm up vehicles.

Both Kia and affiliated automaker Hyundai Motor America, which reported a less severe IT outage it said also began Saturday, said they had no evidence the problems were caused by ransomware. Neither would provide an explanation for what caused them.

In a statement on Thursday, Kia cited “online speculation” that it was hit by ransomware, which scrambles data until a victim pays to have it decoded. “At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack,” the company said.

The cybersecurity news outlet BleepingComputer reported Wednesday that it obtained a note in which the ransomware gang Doppelpaymer was demanding $20 million from Hyundai to decode scrambled data. The report said the gang was threatening to leak online data stolen from Hyundai unless the South Korean automaker paid up.

Kia said its UVO app, which offers the “remote start” function, was coming back online Thursday. It would not confirm that the outage delayed vehicle deliveries and maintenance, although Automotive News and The Associated Press spoke to dealers who said it had.

For instance, a Phoenix woman, Amy Horowitch, tweeted to complain that the outage had held up her attempt to lease a Kia vehicle. She told the AP that two salespeople at a Phoenix dealership told her ransomware was to blame. The dealership referred questions to Kia’s corporate office.

Hyundai said a “limited number of customer-facing systems” were impacted and that its Bluelink smartphone app was not affected.

Doppelpaymer is a leading Russian-speaking ransomware gang. It emerged in mid-2019 and has attacked multiple industries and public agencies. Doppelpaymer is one of a number of ransomware syndicates that have increasingly tried to extort victims — from law firms to factories to healthcare providers — by threatening to publish sensitive data.

Ransomware has reached epidemic proportions in the past three years, costing the public and private sector tens of billions of dollars, mostly from lost business and recovery, according to Bill Siegel, CEO of Coveware, which helps victims respond to attacks.

Kia Information

Share This Photo X