Another week, and it appears another major manufacturer has fallen victim to a ransomware attack. This time around, Kia Motors America, headquartered in Irvine, California, with nearly 800 dealers in the U.S. and cars/SUVs manufactured out of West Point, Georgia, was the target.
The ransom demand is significant. According to a post on Bleeping Computer, “To prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20 million. If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.”
Unfortunately, these types of attacks are becoming all too common, Andrea Carcano, co-founder of Nozomi Networks, tells IndustryWeek.
“DoppelPaymer and others are immensely more profitable when they target large organizations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner's portals and internal dealership sites,” he says. “These ransomware scenarios should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.”
According to Sam Curry, chief security officer with Cybereason, the ransomware attack that has taken Kia Motors’ operations down is just the latest example of a financial cybercrime being perpetrated against a large company. “Every minute that their operations are incapacitated costs companies millions of dollars in lost business,” says Curry. “It cannot be understated how important it is for companies like Kia to be open and transparent about the specific facts surrounding their particular cyberattack. Our industry can then quickly dissect the nature of the attack and prevent this type of system intrusion from happening to other companies.”
As Carcano explains, cybersecurity best practices such as “strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence, should be used to protect IT and operational environments from ransomware.”
“Ransomware attacks have steadily been increasing due to the success of their criminal operations by extorting companies for large financial gains,” says Curry. “This cat and mouse game will only continue until we can preemptively deploy solutions that can stop it cold.”
At this point Kia has acknowledged systems are down, but has not confirmed the reported ransomware attack.
This story will be updated as we gather more information.