Security Experts:

Connect with us

Hi, what are you looking for?



After IT Outage, Carmakers Kia and Hyundai Say No Evidence of Ransomware Attack

Kia possibly hit by ransomware

Kia possibly hit by ransomware

Carmakers Kia and Hyundai, both owned by the South Korea-based Hyundai Motor Group, said they had found no evidence that the outages they suffered in the past week in the United States were the result of a ransomware attack.

Kia Motors America was the first to notify customers via its website that it had been experiencing an IT service outage impacting some of its systems, including internal, customer and dealer systems. Hyundai Motor America later also confirmed some disruptions, but appeared to be less impacted.

“Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational,” Kia told SecurityWeek in a statement on Thursday.

“We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience,” it added.

Reports have emerged about the outages being caused by a ransomware attack on Kia and Hyundai systems. One individual claimed on Twitter that a Kia dealership in Arizona had told her that computers had been down for three days due to ransomware.

However, Kia and Hyundai said they were not aware of any ransomware.

“We are aware of online speculation that Kia is subject to a ransomware attack,” Kia said in its emailed statement. “At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

BleepingComputer obtained a ransom note from a cybercrime group that uses the DoppelPaymer ransomware, claiming that they had managed not only to encrypt files but also to steal “all your private data.” The hackers reportedly want roughly $20 million in bitcoin to decrypt the data and not leak the stolen files — the amount goes up to $30 million if the ransom is not paid within a certain number of days.

SecurityWeek has checked the website where the DoppelPaymer hackers leak data from victims and post proof that they breached companies, but at the time of writing there is no mention of Hyundai or Kia.

It remains to be seen if the carmakers end up confirming being hit by ransomware or if the hackers start leaking data allegedly stolen from them. In some recent attacks, cybercriminals only stole data from victims, but did not encrypt their files, which could make the breach more difficult to detect. However, in this case the ransom note suggests that files have been encrypted, which would make the breach obvious.

Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

Related: Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

Related: HR Giant Randstad Hit by Egregor Ransomware

Related: Canon Says Data Stolen in August 2020 Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...