https://www.thedrive.com/tech/39309/the-apparent-hackers-behind-kias-ransomware-attack-are-demanding-millions-in-bitcoin

The Apparent Hackers Behind Kia's Ransomware Attack Are Demanding Millions in Bitcoin

The automaker denies it was the victim of a cyberattack, but the alleged culprit left a pretty detailed digital ransom note.

By Rob Stumpf
February 17, 2021

Kia seems to be in quite a predicament. As we reported earlier today, the automaker's online services appear to have been severed from the outside world, with customers unable to start their cars remotely via Kia's apps or even log into the company's financing website to pay their bills. All signs pointed to a potential cyberattack against Kia--ransomware most likely--and that's exactly what a new report is claiming it is.

A report by information security news site Bleeping Computer seems to solidify that theory, as the publication shared a screenshot of an alleged ransom note asking Kia for the hefty sum of $20,000,000 to decrypt its files.

The infection is believed to be the work of a group that Crowdstrike researchers dubbed DoppelPaymer in 2019. Such threat actors routinely hunt big game for large payouts, according to a security bulletin released by the FBI late last year. The note left behind mentions that the malware not only encrypted live data, but also the company's backups, which more sophisticated attacks of this nature often do to prevent an easy restoration. To make matters worse, it also claims to have exfiltrated a large amount of data along with the hack, which it says it will release within three weeks.
It's not clear what kind of data was exfiltrated by the attackers; however, the note claims that it was a "huge amount" of it, and the number of Kia's online services that were affected does allude to the possibility of a broad net being cast into Kia's network. In simpler terms, these alleged attackers stole a bunch of stuff out of Kia's house and then locked the doors to some of the bedrooms inside.

After reaching out to Kia multiple times, The Drive finally received an answer on the matter. A Kia spokesperson confirmed that Kia is "experiencing an extended systems outage," though it does not mention the nature of the outage. It also downplays the ransomware attack allegations shared by Bleeping Computer.

"Kia Motors America, Inc. is currently experiencing an extended systems outage," a Kia spokesperson told The Drive via email. "Affected systems include the Kia Owners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected customers and are working to resolve the issue as quickly as possible with minimal interruption to our business."

The spokesperson added: "We are also aware of online speculation that Kia is subject to a 'ransomware' attack. At this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a 'ransomware' attack."

Having said that, the report on Bleeping Computer indicates detailed notes from these purported attackers. The attackers apparently used a Protonmail email address to communicate and display a web page on Tor, an encrypted peer-to-peer network that promotes anonymity, complete with an online chat function in case they need support to pay the ransom.

At the time of this writing, the hackers were requesting 404.5412 Bitcoin, which equates to roughly $20.9 million. But the message also warns that as they take longer to pay, the fee goes up, ending in 600 Bitcoin ($31 million) should the automaker not pay up within nine days.
Screenshots of the actual notes have been published by Bleeping Computer and can be viewed here. It's also worth noting that DoppelPaymer is the same malware that was responsible for exfiltrating and encrypting data from Visser, a defense contractor and parts manufacturer for both Tesla and SpaceX, just last year.

Meanwhile, Kia's key connected services remain offline, meaning customers are unable to pay their car loans, remotely start their vehicles, or use other functions that rely on Kia's infrastructure. Dealerships also appear to be affected by the outage. One dealership we spoke with acknowledged that there was malware in play and also mentioned that they couldn't process customer orders or even look up detailed information on check engine light codes.

So while Kia denies that this was, in fact, a cyberattack, the data uncovered here may prove otherwise. Regardless of what happened, it's a nasty headache for the automaker that comes at a pretty inopportune time. As we noted previously, it means that many Kia owners may be unable to remotely unlock their vehicles or warm them up during an especially nasty winter storm hitting much of the country this week.

Got a tip? Send us a note: tips@thedrive.com