Following a nationwide outage, it has now emerged that the American subsidiary of popular South Korean automaker, Kia Motors, has been targeted by the notorious DoppelPaymer ransomware gang.
According to a ransom note accessed by BleepingComputer, the operators behind DoppelPaymer are demanding 600 Bitcoin (worth about $30 million), but will settle for 404 Bitcoin (worth about $20 million) if KIA decides to pay within ten days.
DoppelPaymer is one of the major ransomware operators, and in December last year the FBI warned about the gang’s increased activities.
As we reported last month, ransomware operators are getting more vicious and now follow up their break-ins by launching Distributed Denial of Service (DDoS) attacks to further disrupt the operations of their targets.
If the attack on Kia is indeed the work of DoppelPaymer, It would seem they have joined the ranks of ransomware operators who employ what security experts refer to as the double-extortion technique.
The ransomware note is reportedly addressed to Hyundai Motor America. Hyundai once owned a majority stake in Kia, but that’s no longer true. In any case, the note includes a Tor link to a payment page that claims DoppelPaymer has taken possession of a “huge amount” of data from Kia Motors America.
In what is the typical ransomware modus operandi, the note threatens to make portions of the data public if the company refuses to pay within three weeks.
Kia Motors America, while acknowledging the system outage, has however denied that it’s been the target of a ransomware attack.