
Kia Motors America experiences massive IT outage across the US



Kia Motors America experiences massive IT outage across the US

 

Kia Motors USA is experiencing a nationwide outage affecting IT servers, self-payment phone services, dealer platforms, and phone support.

 

The outage started Saturday when the Kia Owners Portal went offline and began displaying an error message stating that Kia was "experiencing an IT service outage that has impacted some internal networks."

 


IT outage message on Kia Owners Portal

 

The company's phone self-help services are also impacted, with the customer support numbers stating that they have server issues that may affect their ability to help customers.

 

Calling the Kia finance number also results in a pre-recorded message stating that the self-service option is not available due to scheduled maintenance.

 

The outage also affects the company's mobile apps, such as 'Kia Access with UVO Link', 'UVO eServices', and 'Kia Connect'.

 

When attempting to use the apps, users are greeted with various messages, including SQL errors, bad certificates, or maintenance messages stating there is an IT outage, as shown below.

 


Kia mobile app outages

 

Kia employees have told BleepingComputer that this is a nationwide outage that started Saturday morning.

 

A Kia dealership has told BleepingComputer that the outage is also affecting dealers' access to Kia's KGSIS (Kia Global Service Information System) and their KDealer platform.

Possible ransomware attack?

One Twitter user shared that they could not pick up their car due to a ransomware attack taking down Kia's systems.

 

@Kia I went to the Kia dealership in Arizona and signed a new lease, yet the manager told me your computers have been down for 3 days due to Ransomware and has affected Kia all over the USA. Can’t get my car for ???? Now what?

 

— Amybean (@amylee62) February 16, 2021

 

While BleepingComputer has been unable to independently confirm if this outage is caused by a cyberattack, the large amount of IT systems, phone services, and mixed messages about scheduled maintenance, and server issues indicates that this is likely more than just a scheduled maintenance.

 

This outage is even more concerning since it has been ongoing for four days and dealers are being told that there is no ETA as to when it will be resolved.

 

We have contacted Kia to confirm if this is a ransomware attack and are awaiting a statement.

 

 

Source: Kia Motors America experiences massive IT outage across the US


Kia Motors America suffers ransomware attack, $20 million ransom

 


 

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.

 

Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West Point, Georgia.

 

Yesterday, we reported that Kia Motors America was suffering a nationwide IT outage that has affected their mobile UVO Link apps, phone services, payment systems, owner's portal, and internal sites used by dealerships.

 

When visiting their sites, users are met with a message stating that Kia is "experiencing an IT service outage that has impacted some internal networks," as shown below.

 

maintenance-message.jpg

 

A Kia owner tweeted that when they attempted to pick up their new car, a dealership told them that the servers were down due to a ransomware attack.

 

When we contacted Kia Motors America yesterday about these outages and ransomware reports, KMA told us that they were working on resolving the outage.

 

"KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO. We apologize for any inconvenience to our customers and are working to resolve the issue and restore normal business operations as quickly as possible." - Kia Motors America.

 


Kia was attacked by the DoppelPaymer ransomware

Today, BleepingComputer obtained the ransom note created during the Kia Motors America cyberattack, showing that they were targeted by the DoppelPaymer ransomware gang.

 

In a ransom note seen by BleepingComputer, the attackers state that they attacked Hyundai Motor America, Kia's parent company. Hyundai does not appear to be affected by this attack.

 


Kia Motors America ransom note

Source: BleepingComputer

 

The ransom note contains a link to a private victim page on the DoppelPaymer Tor payment site that once again states the target is 'Hyundai Motor America.'

 

The Tor victim page says that a "huge amount" of data was stolen, or exfiltrated, from Kia Motors America and that it will be released in 2-3 weeks if the company does not negotiate with the threat actors.

 

DoppelPaymer is known for stealing unencrypted files before encrypting devices and then posting portions on their data leak site to further pressure victims into paying.

 


Tor payment page for the Kia ransomware attack

Source: BleepingComputer

 

To prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.

 


404 bitcoin ransom demand

Source: BleepingComputer

 

The DoppelPaymer operation has not indicated what type of data has been stolen. Based on the amount of Kia services suffering an outage, we can expect a wide range of affected servers.

 

The stealing of unencrypted files has become a widely used tactic by ransomware operations to coerce victims to pay, with Emsisoft stating it has affected more than 1,300 companies globally.

"Globally, more than 1,300 companies, many US-based, lost data including intellectual property and other sensitive information. Note, this is simply the number of companies which had data published on leak sites and takes no account of the companies which paid to prevent publication," states Emsisoft's 2020 State of Ransomware report.

Other well-known victims attacked by DoppelPaymer in the past include Foxconn, Compal, PEMEX (Petróleos Mexicanos), the City of Torrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne Télécom.

 

BleepingComputer has once again reached out to Kia for an updated statement but has not heard back.

 

 

Source: Kia Motors America suffers ransomware attack, $20 million ransom



Kia Denies Ransomware Attack

 


 

Kia Motors America has said a recent computer network outage problem was not caused by a ransomware attack.

 

IT outages began on Saturday, impacting both Kia and affiliated automaker Hyundai Motor America, both of which are owned by the South Korea–based Hyundai Motor Group. The issues experienced by Hyundai were not as severe as those impacting Kia. 

 

As a result of the network problems, dealers have been unable to order parts and vehicles. A smartphone app that Kia owners can use to start and warm up their vehicles remotely has also been impacted.

 

On February 15, a Twitter user claimed in a tweet that Kia's entire United States operation had been impacted by a ransomware attack.

"I went to the Kia dealership in Arizona and signed a new lease, yet the manager told me your computers have been down for 3 days due to Ransomware and has affected Kia all over the USA. Can’t get my car for ???? Now what?" tweeted @amylee62.

 

In a statement released Thursday, Kia said: “We are aware of online speculation that Kia is subject to a ransomware attack. At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack.”

 

The car maker said that a recovery was under way, then went on to apologize to customers who weren't able to warm up their cars at a time when much of America is experiencing severe winter weather.

“Kia Motors America, Inc. (Kia) has been experiencing an extended systems outage since Saturday but can confirm that the UVO app and owner’s portal are now operational,” said Kia.

 

“We anticipate remaining primary customer-facing affected systems will continue to come back online within the next 24–48 hours, with our most critical systems first in line. We apologize for the inconvenience to affected customers, especially those impacted by winter storms, who felt the outage of our remote start and heating feature most acutely. Kia is wholly focused on fully resolving this issue and would like to thank our customers for their continued patience.”

 

 

Source: Kia Denies Ransomware Attack



Archived

This topic is now archived and is closed to further replies.
