KIA Motors America was the first to notify customers via its website that it had been experiencing an IT service outage impacting some of its systems, including internal, customer and dealer systems. Hyundai Motor America later also confirmed some disruptions, but appeared to be less impacted.
We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience
Reports have emerged about the outages being caused by a ransomware attack on Kia and Hyundai systems.
Researchers obtained a ransom note from a cybercrime group that uses the DoppelPaymer ransomware, claiming that they had managed not only to encrypt files but also to steal “all your private data.” The hackers reportedly want roughly $20 million in bitcoin to decrypt the data and not leak the stolen files the amount goes up to $30 million if the ransom is not paid within a certain number of days.
It remains to be seen if the carmakers end up confirming being hit by ransomware or if the hackers start leaking data allegedly stolen from them. In some recent attacks, cybercriminals only stole data from victims, but did not encrypt their files, which could make the breach more difficult to detect. However, in this case the ransom note suggests that files have been encrypted, which would make the breach obvious.