Kia Motors America Suffers $20 Million Ransomware Attack: Expert Commentary

Kia Motors America disclosed suffering a ransomware attack demanding $20 million for the decryption code and to avoid a data leak. The DoppelPaymer gang appears responsible for the attack. 

The ransomware attack caused a nationwide IT outage, affecting Kia’s phone services, payment systems, owner’s portals, and internal sites. The ransomware note claims to have attacked Kia Motors America’s parent company Hyundai, although Hyundai appears unaffected at this time. The DoppelPaymer gang claims to have stolen a large amount of data and will release it in the next few weeks if their demands aren’t met. Additionally, the ransom will increase to $30 million after a set amount of time. 

What data and how much has been stolen remain currently unknown. In a statement, Kia Motors America denied suffering a ransomware attack. 

We consulted experts on the impact and best practices lessons. 

Experts Commentary: Kia Motors America Suffers $20 Million Ransomware Attack

Andrea Carcano

Andrea Carcano is Co-Founder of Nozomi Networks. 

“Unfortunately, these types of attacks are becoming all too common; DoppelPaymer and others are immensely more profitable when they target large organizations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner’s portals, and internal dealership sites.

These ransomware scenarios should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear-phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.

Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication, and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware.” 

Niamh Muldoon

Niamh Muldoon is Global Data Protection Officer with OneLogin. 

“Ransomware continues to be a global cybersecurity threat. In the business of cyber-crime, ransomware takes the top spot since it has a high ROI by holding the victims’ ransom for financial payment. Cyber-criminals will of course continue to focus their efforts on this revenue-generating stream as we’re now seeing with the DoppelPaymer gang targeting Kia.

During 2021 we will definitely see cyber-criminal individuals and groups try to maximize their return of investment with their attacks, whether it’s targeting high-value individuals and/or large enterprise organizations like a car company. The key message here is no one person or industry is exempt from the ransomware threat and it requires constant focus, assessment, and review to ensure you and your critical information assets remain safeguarded and protected against it.”

Purandar Das

Purandar Das is CEO and Co-Founder of Sotero Software.

“One more ransomware incident. While the focus is on recovering the stolen data, minimizing customer exposure, and restoring normal operation, as it rightfully should be, companies ought to start revisiting their security approaches. There are two parts to this. One is to start by making the data useless when stolen. That eliminates a big part of the leverage the criminals have. The data is just as valuable as the operational aspects of the system that are affected. The stolen data also causes long-term damage to innocent consumers who trust organizations to protect their data and privacy. Adopting newer encryption technologies that keep data encrypted, even while in use is a must. Second, enabling secure backups of operational systems with fast recovery paths is another. Layering on more security products is not a viable or scalable solution.”

Thanks to the experts for their time and expertise. For more, check out our Endpoint Security Buyer’s Guide and our Backup and Disaster Recovery Buyer’s Guide.