[TusharK]

Kia Motors America has reportedly suffered a ransomware attack. Hackers known as the DoppelPaymer gang have demanded US$ 20 million for a decryptor. The hackers have also threatened to leak the stolen data if the ransom is not paid.



Earlier this week, there were reports of a nationwide outage that affected the carmaker's UVO Link apps, phone services, payment systems, owner's portal and internal sites used by dealerships.

According to a ransom note, the same gang of hackers had attacked Hyundai Motor America, which is Kia's parent company. The gang is believed to have stolen a huge amount of data, the exact details of which are unknown.

Meanwhile, neither Kia nor Hyundai have confirmed the cyberattack.

Source: BleepingComputer

Thanks to Ramanujan for the heads-up.

[TrackDay]

This is why I hate connected car tech. Of all the data collected from us, the one I fear the most is our timing and route pattern. This can easily tell thieves what time we go, where we go etc. Although some applaud connected tech for the many pros such as immediate dispatch in case of accidents etc., the cons are there too.

[neelkumar]

I'm a little surprised with Kia's public statement, but I guess that is expected till they understand the extent of the hack and also figure out a way to safely how out of it.

Quote:

Kia Motors America, Inc. (“Kia”) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational. We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24-48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience.

We are aware of online speculation that Kia is subject to a ransomware attack. At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.

I couldn't access the link shared. But I found more info on this link and apparently:

Quote:

The hackers are requesting 404.5833 bitcoin to decrypt the data, and at current values, this is equivalent to $20,899,559.53. If Kia doesn't pay quickly enough, then the ransom increases to 600 bitcoin ($30,994,200)

[Turbohead]

Totally screwed up!

Safe to assume that they've lost 20 million dollars. It's either that or they have to pay a good amount of money to some experts to decrypt it with the risk of failing which can lead to them paying out 30 million.

Prevention is better than cure. Let's not forget that we can be targets too, but with much smaller amounts- enough to convince us to pay up rather than buy a new laptop, apart from the loss of invaluable personal data.

[batladanny]

Connected car tech and internet-of-things devices are fraught with security issues and it is a matter of time before more such incidents happen. Sadly, it is getting harder to find cars — especially as you move higher up the price ladder — that don't have this "feature".

[Venkatesh]

Kia Motors America has denied reports that it was a victim of a recent ransomware attack.

Quote:

According to reports in the US media, Kia released a statement which highlighted that as per all the information available, there is no evidence to suggest that either the company or its data has been a victim to a ransomware attack. While apologizing to customers for the inconvenience caused, Kia also said that efforts are on to address the issue of outage and that most of the repair processes are now in place and active. "We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely," the statement read.

Cybersecurity news outlet BleepingComputer earlier this week had reported that as per a note it had received, ransomware gang Doppelpaymer had demanded $20 million from Hyundai to decode scrambled data. Both Hyundai and Kia systems had faced outage this week which had resulted in many car owners taking to social media to raise complaints. One buyer said she was unable to lease a Kia vehicle, most others said they were unable to turn on the car warming function remotely. Several others complained they were not able to start their vehicle through the app.

Associated Press reports that Kia has not yet confirmed if it has suffered delays in delivering vehicles to dealerships because of the outage woes even as several other reports mention dealers having suffered a push back in timelines.

Source

[RedTerrano]

Quote:

Originally Posted by TrackDay

This is why I hate connected car tech. Of all the data collected from us, the one I fear the most is our timing and route pattern. This can easily tell thieves what time we go, where we go etc. Although some applaud connected tech for the many pros such as immediate dispatch in case of accidents etc., the cons are there too.

Indeed!
And it's not only data. Theoretically, a hacker can hack into your can and say disable your brakes.
Call me paranoid, but I would rather drive a vehicle which I control 100%.

[Eshan Joshi]

Quote:

Originally Posted by TrackDay

This is why I hate connected car tech. Of all the data collected from us, the one I fear the most is our timing and route pattern. This can easily tell thieves what time we go, where we go etc. Although some applaud connected tech for the many pros such as immediate dispatch in case of accidents etc., the cons are there too.

Here is a video explaining this:

https://www.youtube.com/watch?v=SpbpD0qDSho

[TrackDay]

Quote:

Originally Posted by Eshan Joshi

Here is a video explaining this:

https://www.Youtube.com/watch?v=SpbpD0qDSho

I bet my car knows that I watched this video now . Like most have said, it feels like the car is a double agent in your own home. First it was cell phones, Now cars ! I bet even my TV is in this scheme too. Constantly spying on me. Heck this is how I see all connected vehicles now! God knows what they are up to.

Back to the topic of Kia ransomware attack, soon enough car service centers will be selling us protection software. It might also come as a feature on higher variants !