Did Kia Get Hacked

The automaker refutes rumors of a cyberattack.

A $27 million ransom has been demanded from Kia Motors America following a ransomware assault; a “huge amount” of data is reportedly being exposed.

According to a claim by tech website BleepingComputer, which has access to the ransom note, persistent IT failures at Kia Motors America are the consequence of a ransomware attack by the DoppelPaymer gang.

Based in Irvine, California, Kia Motors America is a division of the Kia Motors Corporation, in which Hyundai holds a minority stake. It produces cars in Georgia and has approximately 800 dealers across the country.

The company’s mobile “Uvo” apps, phone services, payment systems, owner’s portal, and internal websites used by the dealers have all been hit by IT outages for a number of days.

Another Twitter user claimed that when they went to a Kia car dealership to pick up their new car, they were told they couldn’t because the company’s servers were down due to a ransomware assault.

Visitors to the Kia Motors America website were shown a notice about the outage.

The statement said: “KMA is aware of IT disruptions affecting internal, dealer, and customer-facing services, including Uvo.

“We apologize for any inconvenience caused to our clients and are working as soon as we can to find a solution and resume regular company operations.”

The article claims that the DoppelPaymer gang ransacked Kia Motors America and left a message demanding payment of $US20 million in bitcoin ($26.7 million).

“Your network has been compromised, and until you pay for a decryption tool, your files, backups, and shadow copies won’t be accessible.

“The first portion of the data will be shared with the public if no contact is made within three business days after the infection, and the rest will remain inaccessible to you.”

The business was instructed to download and set up the Tor Browser, copy in an address, and process the bitcoin payment.

According to the ransom note, a “huge amount” of data was taken, and if the hackers are not paid within two or three weeks, they will reveal it.

If the payment isn’t made right away, the hackers’ demand of 404 bitcoins, presently worth around $US20 million, would rise to 600 bitcoins, currently worth $US30 million.

The firm said: “There have been online rumors that Kia is the target of a ‘ransomware’ attack.

“We can now state with certainty that there is no proof that Kia or any Kia data has been the target of a ‘ransomware’ assault.”

This is the latest in a series of high-profile ransomware attacks, several of which have targeted Australian businesses.

These include the logistics firm Toll, which experienced a protracted cyberattack at the beginning of last year and saw the hackers dump data on the dark web, including the personal information of both present and past employees.

Late last year, the popular camera brand Canon was also the target of a ransomware attack in which 10 terabytes of data were taken and a ransom was demanded.

Earlier this year, European law enforcement took down the notorious Emotet botnet, which hackers frequently used to deliver ransomware, as part of an international operation against the malware.

Denham Sadler is a Melbourne-based independent journalist. He previously served as Editor of StartupSmart and writes on politics and technology. Both The Saturday Paper and The Guardian have featured his writing.

What businesses have been targeted by ransomware?

Recent ransomware attacks have hit a variety of well-known businesses and organizations, including the oil pipeline operator Colonial Pipeline.

In 2021, ransomware attacks on important companies including Colonial Pipeline, JBS Foods, and others gained headlines. Hackers are stealing data from businesses, governments, and healthcare organizations around the globe by taking advantage of security flaws and sometimes demanding tens of millions of dollars in ransom.

How is Ransomware Defined?

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Government states that ransomware is an ever-evolving type of malware that is intended to encrypt files on a device, rendering the files and the systems that rely on them unusable. Malicious actors then demand a ransom in return for decryption. Threatening to sell or reveal exfiltrated data or authentication credentials if the ransom is not paid is a common tactic used by ransomware perpetrators.

What does that imply in practice? Hackers take advantage of security flaws to steal confidential information or lock files. Only once you have paid the ransom these thieves demand will they hand over the key that restores access to your system or releases the files.

Recent Ransomware Attacks in the News

Ransomware attacks have increased during the previous few years, many of them in the public eye. The Washington DC Metropolitan Police Department, the Steamship Authority of Massachusetts, the Colonial Pipeline, and JBS (the largest meatpacker in the world) have all been targets of cyberattacks in 2021 that used ransomware as their attack vector. These attacks on American businesses and organizations disrupt vital infrastructure, which can lead to shortages, higher prices for goods and services, financial loss as a consequence of business closures, loss of money as a result of having to pay the hackers’ ransom, and even worse outcomes.

Additionally, ransom payments and the frequency of cyberattacks both increased in 2020. Harvard Business Review claims that the sums that businesses paid hackers increased by 300 percent. The unexpected rise in remote work and the weaker security of home environments gave hacker groups the ideal chance to compromise sensitive data.

Healthcare Ransomware

Many hackers hunt for potential financial gain during the unrest and disruption of a crisis. Cyberattacks in the healthcare industry have drawn more attention since the COVID-19 disaster in 2020. According to research by Comparitech, ransomware attacks have a significant financial impact on the healthcare industry, costing over $20 billion in lost income, lawsuit costs, and ransom payments in 2020 alone. Over the course of the year, 92 ransomware attacks affected over 600 hospitals, clinics, and other healthcare organizations.

Kevin Mandia, CEO of cybersecurity company FireEye, explained the motives for the targeting of these healthcare institutions. Pharmaceutical businesses, hospitals, healthcare facilities, publicly traded companies, and other institutions that lack the aptitude and expertise to protect themselves are receiving a sucker punch, according to Mr. Mandia. Johnson & Johnson experiences 15.5 billion cybersecurity incidents every single day, according to Marene Allison, the company’s top information security officer. (Becker’s Hospital Review)

Additionally, due to the critical nature of healthcare, ransomware attacks can result in fatalities in addition to financial loss and the loss of patient data. Teiranni Kidd sued Springhill Medical Center in Alabama following a problematic delivery, according to NBC News. The hospital experienced a ransomware assault in 2019 that caused its IT systems to go offline. Kidd was not alerted to the attack by the hospital. Kidd and her child allegedly received “diminished treatment and skipped critical tests that may have avoided the baby’s serious brain impairment, which caused her death nine months later,” according to the story. This is only one instance, and there are probably more serious ways in which cyberattacks affect human lives.

High-Profile Ransomware Attacks in 2021

Numerous high-profile attacks on businesses and corporations in the nation and around the world have occurred in 2021. The cybersecurity defenses of 292 firms were breached by just six ransomware organizations. Through their attacks, these criminal organizations have already obtained more than $45 million in ransom money. (ZDNet)

Colonial Pipeline

The Colonial Pipeline breach in late April received the most news coverage out of all the cyber and ransomware assaults in 2021. “The Colonial Pipeline attack made such an impact because the pipeline is an integral component of the national critical infrastructure system,” says Joe Giordano, director of the Touro College Illinois Cybersecurity Program. The fuel supply disruptions caused by taking the infrastructure offline resulted in chaos and panic all along the US East Coast.

This attack hit close to home for many people because gasoline shortages directly affect the majority of Americans. The company’s internal business network and billing system were the targets of the attack, which was carried out by the DarkSide gang and caused severe shortages across several states. Colonial Pipeline eventually gave in to the demands and paid the group $4.4 million in bitcoin to stop further disruption.

Customers started to panic during this attack and disregarded safety rules, making the situation more dangerous. Some people on the East Coast attempted to store gasoline in combustible plastic containers and bags, and one of their cars even caught fire. After the commotion subsided, government representatives acknowledged that Colonial Pipeline’s cybersecurity safeguards were inadequate and that the incident would have been avoided if more robust security had been in place.

Thankfully, a large portion of the $4.4 million ransom payment was recovered by US law enforcement. By tracking the flow of cryptocurrency between digital wallets, the FBI was able to locate the money. Finding the actual hackers who carried out the attack, however, will be much more difficult. (The New York Times)

Brenntag

Early in May 2021, at roughly the same time as Colonial Pipeline, the infamous hacking organization DarkSide also targeted Brenntag, a distributor of chemicals. DarkSide sought the equivalent of $7.5 million in bitcoin after stealing 150 GB of data.

Brenntag eventually gave in to the demands and paid $4.4 million, one of the largest ransomware payments in history, even though it was only slightly more than half of the initial demand. (IT Governance)

Acer

Also in May this year, the computer manufacturer Acer was attacked by the REvil hacker group, the same group responsible for an attack on London foreign exchange firm Travelex. The $50 million demand stood out as the largest documented ransom to date. To access Acer’s information and disclose photos of private financial spreadsheets and papers, the REvil hackers used a flaw in a Microsoft Exchange server.

JBS Foods

Although the end of the epidemic was announced in the spring of 2021, the rise in cyberattacks that started in 2020 showed no signs of slowing down. One of the largest meat processing corporations in the world, JBS Foods, was the target of yet another prominent ransomware assault in May. The attack is believed to have been carried out by REvil, a Russian-based hacking gang that also targeted Acer. (CNN)

Government officials warned citizens not to panic buy meat in response to the incident, although there were no significant food shortages as a result of it. It was revealed on June 10th that JBS paid the $11 million ransom demand after speaking with cybersecurity professionals. This enormous bitcoin payment was one of the largest ransomware payments in history. (CBS News)

Quanta

Similar to the Acer attack, the REvil gang attacked Quanta, a computer maker, in April and sought a $50 million ransom. Despite not being a household name, Quanta is one of Apple’s principal business partners. After the company declined to enter into negotiations with the hacker group, REvil chose to target Apple. They threatened to publish more private documents and data after disclosing Apple product blueprints obtained from Quanta. REvil appeared to have abandoned the offensive by May.

National Basketball Association (NBA)

Ransomware attacks target companies and organizations across a wide range of industries. This year’s list included a few surprises, including the National Basketball Association (NBA). The hacking collective Babuk claimed to have taken 500 GB of private information on the Houston Rockets in mid-April this year. Babuk said that if their demands were not met, these private documents, which contained financial information and contracts, would be made available to the public. No ransom payments have been made as of this posting.

AXA

The Avaddon gang targeted the European insurance provider AXA in May. The corporation had just made significant adjustments to its insurance policies when the attack took place: AXA had essentially announced that it would stop reimbursing ransom payments for many of its customers. The hacker group acquired access to a colossal 3 TB of data in this unusual (and ironic) attack on a cyber-insurance company. (BlackFog)

CNA

Another big insurance company was the target of ransomware earlier this year, in March. On March 21, a hacking group breached CNA’s network, encrypting 15,000 devices, many of which were computers used by staff who worked remotely. The attack, which allegedly originated from the hacking collective Evil Corp, made use of a brand-new malware program named Phoenix CryptoLocker.

CD Projekt

CDProjekt Red is a well-known Polish videogame development company. The company was compromised in a HelloKitty gang breach in February of this year. The hacker group encrypted devices and gained access to the source code of game projects. CDProjekt, however, declined to hand over the ransom money and instead used backups to recover the lost material. (ExtremeTech)

Kaseya

The same hacker collective known as REvil, which also attacked Acer, Quanta, and JBS Foods, made news in July with an attack on Kaseya. While Kaseya may not be a household name, it handles IT infrastructure for significant businesses all over the world. This breach had the potential to severely disrupt important sectors of the economy, much like the attacks on Colonial Pipeline and JBS Foods.

To carry out the attack, REvil distributed a phony software update through Kaseya’s Virtual System Administrator product that infected both Kaseya’s direct clients and their customers. One million systems, according to REvil, were encrypted and held for ransom. According to Kaseya, around 50 of its direct clients and a total of 1000 enterprises were affected. The hacker collective requested $70,000,000 in bitcoin. Coop, a Swedish supermarket company, was compelled to close 800 locations for a whole week as a result of the cyberattack. (ZDNet)

The keys needed to decrypt the affected systems were obtained by the FBI shortly after the incident when it gained access to REvil’s servers. Thankfully, no ransom was paid, and Kaseya was able to restore its customers’ IT infrastructure. Even though it began as one of the year’s largest ransomware attacks, the situation was eventually salvaged. (ZDNet)

Progress in the Fight Against Ransomware

The entity responsible for the Kaseya attack is based in Russia, despite not being a state-sponsored outfit. The Associated Press reports that President Biden and President Putin spoke on the phone in July as a result of the significant security incident. During the discussion, Biden put pressure on Putin to be more aggressive in pursuing harmful operatives operating in his nation. Although it’s unclear exactly what happened after this phone call, the FBI was able to access REvil’s servers, and soon after that, REvil’s infrastructure and website were taken down. Biden’s phone call may or may not have had an impact, but the White House insists that it will continue to put pressure on Russia to cooperate.

Using wiretapping and other techniques, police were able to access the group’s infrastructure and identify the alleged hackers. 17 nations, including powerful nations like the United States, United Kingdom, and France, worked together to make the two most recent arrests.

The assault on Kaseya is attributed to one of the men, Yaroslav Vasinskyi, 22. Both of the individuals detained in November might receive a life sentence. Even though REvil is still a player in the world of cybercrime, authorities seek to identify and bring charges against more hackers in order to put an end to their activities. (NPR)

A Dire Need for Cybersecurity Experts

For this problem to be solved, two essential elements are required. One is that businesses must treat cybersecurity seriously and devote enough resources to it. Second, more highly educated cybersecurity professionals must be available to combat the scourge of ransomware attacks that we are currently experiencing. According to Giordano, “So many businesses and organizations still have insufficient security, and robust security requires ongoing monitoring and updates rather than a one-time upgrade. We’ll start to see a decrease in these dangers as more businesses begin to take cybersecurity seriously and devote the necessary time and money to fending off threats.”

In contrast to some other STEM disciplines, cybersecurity does not require a master’s degree to get started. One of the greatest methods to meet the requirements for applicable job openings is frequently by completing a graduate certificate program. The crucial needs of the industry are met by the graduate certificate program in cybersecurity for healthcare offered by Touro College Illinois. We develop skills in network security, HIPAA, cloud security, medical device security, incident response, and recovery through our hands-on training.