Kia Motors America suffers ransomware attack, $20 million ransom


Level 3
Thread author
May 14, 2019
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.
In a ransom note seen by BleepingComputer, the attackers state that they attacked Hyundai Motor America, Kia's parent company. Hyundai does not appear to be affected by this attack.

The ransom note contains a link to a private victim page on the DoppelPaymer Tor payment site that once again states the target is 'Hyundai Motor America.'

The Tor victim page says that a "huge amount" of data was stolen, or exfiltrated, from Kia Motors America and that it will be released in 2-3 weeks if the company does not negotiate with the threat actors.

DoppelPaymer is known for stealing unencrypted files before encrypting devices and then posting portions on their data leak site to further pressure victims into paying.

To prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.


Level 9
Nov 7, 2016
I think larger the company is, more the chances are of such attacks. Some user among the 1000's of employees will fall prey to ransomware either through mistake, lack of security knowledge, negligence of IT Dept. etc. I think it is becoming more and more important to use Managed Services providers though this may have other drawbacks.