Following a nationwide outage, it has now emerged that the American subsidiary of popular South Korean automaker, Kia Motors, has been targeted by the notorious DoppelPaymer ransomware gang.
According to a ransom note accessed by BleepingComputer, the operators behind DoppelPaymer are demanding 600 Bitcoin (worth about $30 million), but will settle for 404 Bitcoin (worth about $20 million) if Kia decides to pay within ten days.
DoppelPaymer is one of the major ransomware operators, and in December last year the FBI warned about the gang’s increased activities.
As we reported last month, ransomware operators are getting more vicious and now follow up their break-ins by launching Distributed Denial of Service (DDoS) attacks to further disrupt the operations of their targets.
If the attack on Kia is indeed the work of DoppelPaymer, it would seem they have joined the ranks of ransomware operators who employ what security experts refer to as the double-extortion technique.
The ransomware note is reportedly addressed to Hyundai Motor America. Hyundai once owned a majority stake in Kia, but that’s no longer true. In any case, the note includes a Tor link to a payment page that claims DoppelPaymer has taken possession of a “huge amount” of data from Kia Motors America.
In what is the typical ransomware modus operandi, the note threatens to make portions of the data public if the company refuses to pay within three weeks.
Kia Motors America, while acknowledging the system outage, has denied that it has been the target of a ransomware attack.
Via: BleepingComputer