Kia tackles computer network outages, denies virus attack

Kia Motors America says it is restoring services affected by a computer network outage that began Saturday, which frustrated dealers’ ability to order vehicles and parts and knocked offline a smartphone app that owners use to remotely start and warm up vehicles.

Both Kia and affiliated automaker Hyundai Motor America, which reported a less severe IT outage, said they had no evidence the problems were caused by ransomware.

But they did not provide an explanation for what caused them either.

Kia, in a statement, cited an “online speculation” that it was hit by ransomware, which scrambles data until a victim pays to have it decoded.

“At this time, and based on the best and most current information, we can confirm that we have no evidence that Kia or any Kia data is subject to a ransomware attack,” the company said.

The cybersecurity news outlet BleepingComputer reported Wednesday that it obtained a note in which the ransomware gang Doppelpaymer was demanding $20 million from Hyundai to decode scrambled data. The report said the gang was threatening to leak online data stolen from Hyundai unless the South Korean automaker paid up.

Kia said its UVO app, which offers the “remote start” function, was coming back online Thursday.

It would not confirm that the outage delayed vehicle deliveries and maintenance, although Automotive News and The Associated Press spoke to dealers who said it had.

For instance, a Phoenix woman, Amy Horowitch, tweeted to complain that the outage had held up her attempt to lease a Kia vehicle.

She told the AP that two salespeople at a Phoenix dealership told her ransomware was to blame.

Hyundai said a “limited number of customer-facing systems” were impacted and that its Bluelink smartphone app was not affected.

Doppelpaymer is a leading Russian-speaking ransomware gang that emerged in mid-2019 and has attacked multiple industries and public agencies. It is one of a number of ransomware syndicates that have increasingly tried to extort victims — from law firms to factories to healthcare providers — by threatening to publish sensitive data.

Ransomware has reached epidemic proportions in the past three years, costing the public and private sector tens of billions of dollars, mostly from lost business and recovery, according to Bill Siegel, CEO of Coveware, which helps victims respond to attacks.