Kia has reportedly been hit with a $20 million ransomware attack that has knocked out network services for both its dealers and customers who are subscribed to its UVO connected services. Per BleepingComputer, the attack bears the signature of DoppelPaymer.
There have been impacts throughout the company's business, with some customers reporting that they could not take delivery of newly purchased cars because Kia dealers were unable to complete transactions due to the associated outage. Owners also reported that the outage is impacting Kia's UVO connected services, locking them out of their apps and other features.
— JDRMTB (@big2mo) February 13, 2021
Ransomware attacks are generally two-pronged. Once the program has been installed on a target's system (often either through phishing or another form of social engineering), it is typically programmed to encrypt and duplicate an organization's data. This often locks the victim out of its own system, rendering them unable to conduct normal operations. If this alone is not enough to get the victim organization to pay the hackers' ransom, the attackers will threaten to leak the stolen data, which could include private customer information, protected IP, or other sensitive content.
"Since late August 2019, unidentified actors have used DoppelPaymer ransomware to encrypt data from victims within critical industries worldwide such as healthcare, emergency services, and education, interrupting citizens’ access to services," The FBI said in its DoppelPaymer brief.
"Since its emergence in June 2019, DoppelPaymer ransomware has infected a variety of industries and targets, with actors routinely demanding six- and seven-figure ransoms in Bitcoin (BTC). Prior to infecting systems with ransomware, the actors’ exfiltrate data to use in extortion schemes and have made follow-on telephone calls to victims to further pressure them to make ransom payments."
Kia's commentary has been relatively brief, telling outlets only that it was "aware of IT outages involving internal, dealer and customer-facing systems," and that the company was "working to resolve the issue and restore normal business operations as quickly as possible."