Connect with us

Hi, what are you looking for?



After IT Outage, Carmakers Kia and Hyundai Say No Evidence of Ransomware Attack

Kia possibly hit by ransomware

Kia possibly hit by ransomware

Carmakers Kia and Hyundai, both owned by the South Korea-based Hyundai Motor Group, said they had found no evidence that the outages they suffered in the past week in the United States were the result of a ransomware attack.

Kia Motors America was the first to notify customers via its website that it had been experiencing an IT service outage impacting some of its systems, including internal, customer and dealer systems. Hyundai Motor America later also confirmed some disruptions, but appeared to be less impacted.

“Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational,” Kia told SecurityWeek in a statement on Thursday.

“We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience,” it added.

Reports have emerged about the outages being caused by a ransomware attack on Kia and Hyundai systems. One individual claimed on Twitter that a Kia dealership in Arizona had told her that computers had been down for three days due to ransomware.

However, Kia and Hyundai said they were not aware of any ransomware.

“We are aware of online speculation that Kia is subject to a ransomware attack,” Kia said in its emailed statement. “At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

BleepingComputer obtained a ransom note from a cybercrime group that uses the DoppelPaymer ransomware, claiming that they had managed not only to encrypt files but also to steal “all your private data.” The hackers reportedly want roughly $20 million in bitcoin to decrypt the data and not leak the stolen files — the amount goes up to $30 million if the ransom is not paid within a certain number of days.

Advertisement. Scroll to continue reading.

SecurityWeek has checked the website where the DoppelPaymer hackers leak data from victims and post proof that they breached companies, but at the time of writing there is no mention of Hyundai or Kia.

It remains to be seen if the carmakers end up confirming being hit by ransomware or if the hackers start leaking data allegedly stolen from them. In some recent attacks, cybercriminals only stole data from victims, but did not encrypt their files, which could make the breach more difficult to detect. However, in this case the ransom note suggests that files have been encrypted, which would make the breach obvious.

Related: Enterprise Solutions Provider ‘Software AG’ Hit by Clop Ransomware

Related: Packaging Giant WestRock Says Ransomware Attack Impacted OT Systems

Related: HR Giant Randstad Hit by Egregor Ransomware

Related: Canon Says Data Stolen in August 2020 Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights