KIA Motors Ransomware Attach: Hackers Demand Up To $30M In Bitcoin

The infamous DoppelPaymer gang has struck again, this time compromising sensitive data from the North American branch of the popular car manufacturer Kia Motors. The perpetrators have requested the ransom to be paid in bitcoin as the total amount could go up to 600 BTC (over $30 million).

Kia Motors America Falls Victim To Ransomware

During a ransomware attack, the perpetrators infiltrate individuals, companies, or organizations to encrypt or steal sensible information. They request a form of ransom to be paid, typically in bitcoin, to provide the necessary encryption tools to the victims to regain access to the data.

According to BleepingComputer, Kia Motors America (KMA) has become the latest victim of such an attack. Headquartered in Irvine, California, KMA is a subsidiary of Kia Motors Corporation and has about 800 dealers in the US.

After a national IT outage that affected phone services, payment systems, owner’s portal, and internal sites, it became evident that the organization had been compromised.

KMA explained that it had experienced “IT outages involving internal, dealer, and customer-facing systems” and said it was working on resolving these issues.

However, BleepingComputer showcased a ransom note left by the DoppelPaymer ransomware gang, saying they had infiltrated the systems. Furthermore, the message reads that the perpetrators had compromised Hyundai Motor America, Kia’s parent company, but there’s no actual evidence of this.

The gang has set up a Tor victim page asserting that they had stolen a “huge amount” of data and threatening to release it in the next 2-3 weeks unless KMA pays a ransom.

Ransomware Note To KMA. Source: BleepingComputer
Ransomware Note To KMA. Source: BleepingComputer

Ransom Requested In Bitcoin

As with previous similar situations, the perpetrators have requested the demand to be paid in bitcoin. More specifically, they have asked for 404.5833 BTC (worth about $21 million) to be transferred within the next several days.

However, if KMA fails to comply within the given timeframe, the ransom will increase by about 50% to 600 BTC (about $31 million).

Interestingly, KMA has sent a statement saying that they have not seen any evidence of a ransomware attack. The organization reaffirmed its stance that the issues have come from a regular system outage instead of an organized attack.

CryptoPotato reported recently that the giant electronics manufacturer Foxconn experienced such an attack last year, and the attackers requested about $34 million in BTC as well.

Source: Crypto Potato