Security Experts:

Connect with us

Hi, what are you looking for?



After IT Outage, Carmakers Kia and Hyundai Say No Evidence of Ransomware Attack

Kia possibly hit by ransomware

Kia possibly hit by ransomware

Carmakers Kia and Hyundai, both owned by the South Korea-based Hyundai Motor Group, said they had found no evidence that the outages they suffered in the past week in the United States were the result of a ransomware attack.

Kia Motors America was the first to notify customers via its website that it had been experiencing an IT service outage impacting some of its systems, including internal, customer and dealer systems. Hyundai Motor America later also confirmed some disruptions, but appeared to be less impacted.

“Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational,” Kia told SecurityWeek in a statement on Thursday.

“We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience,” it added.

Reports have emerged about the outages being caused by a ransomware attack on Kia and Hyundai systems. One individual claimed on Twitter that a Kia dealership in Arizona had told her that computers had been down for three days due to ransomware.

However, Kia and Hyundai said they were not aware of any ransomware.

“We are aware of online speculation that Kia is subject to a ransomware attack,” Kia said in its emailed statement. “At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

BleepingComputer obtained a ransom note from a cybercrime group that uses the DoppelPaymer ransomware, claiming that they had managed not only to encrypt files but also to steal “all your private data.” The hackers reportedly want roughly $20 million in bitcoin to decrypt the data and not leak the stolen files — the amount goes up to $30 million if the ransom is not paid within a certain number of days.

SecurityWeek has checked the website where the DoppelPaymer hackers leak data from victims and post proof that they breached companies, but at the time of writing there is no mention of Hyundai or Kia.

It remains to be seen if the carmakers end up confirming being hit by ransomware or if the hackers start leaking data allegedly stolen from them. In some recent attacks, cybercriminals only stole data from victims, but did not encrypt their files, which could make the breach more difficult to detect. However, in this case the ransom note suggests that files have been encrypted, which would make the breach obvious.

Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

Related: Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

Related: HR Giant Randstad Hit by Egregor Ransomware

Related: Canon Says Data Stolen in August 2020 Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.