Kia Motors America Inc. has been allegedly struck by a DoppelPaymer ransomware attack along with a demand for a 404 bitcoin ($20 million) ransom payment.

As reported by Bleeping Computer, the attack appeared first with a nationwide information technology outage across Kai’s North American business earlier this week. The outage affected Kia’s mobile UVO Link app, phone services, payment systems, payment systems, owner portal and internal sites used by dealerships.

A ransom note allegedly sent to Kia indicated that it was a double-tap ransomware attack in which both files were encrypted and stolen. In the note, the DoppelPaymer gang threatens to publish the stolen data within three business days if payment for a decryption tool was not forthcoming.

The threats of publishing stolen data are not hollow: Hon Hai Precision Industry Co., better known as Foxconn, was struck by DoppelPaymer in December, with stolen files subsequently published on the dark web, the shady corner of the internet where illicit activity is often conducted, when it refused to pay up. Previously known DoppelPaymer ransomware attacks include “Big Brother” producer Endemol Shine and Mexican state-owned petroleum firm Petróleos Mexicanos.

Officially Kia Motors America is denying that it has been struck by ransomware, telling The Drive that though it was aware of the reports, “at this time, we can confirm that we have no evidence that Kia or any Kia data is subject to a ‘ransomware’ attack.”

“DoppelPaymer and others are immensely more profitable when they target large organizations and disrupt their critical IT operations,” Andrea Carcano, co-founder of industrial cybersecurity firm Nozomi Networks Inc., told SiliconANGLE. “These ransomware scenarios should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision-makers need to be prepared to weigh the risks and consequences of alternate actions.”

Niamh Muldoon, global data protection officer at cloud-based identity and access management provider OneLogin Inc., noted that ransomware is the No. 1 cybercrime because it offers a high return on investment.

“During 2021 we will definitely see cybercriminal individuals and groups try to maximize their return of investment with their attacks, whether it’s targeting high-value individuals or large enterprise organizations like a car company,” Muldoon added.

Photo: Kia Motors America