{
	"id": "f3a08124-d3b4-40ec-bc1c-965d48845ea9",
	"created_at": "2026-04-06T00:12:48.657062Z",
	"updated_at": "2026-04-10T13:13:00.54626Z",
	"deleted_at": null,
	"sha1_hash": "2ac48ba2593fe4adaaf22d4bbe8c1d5ac03f25a1",
	"title": "Kia Motors America suffers ransomware attack, $20 million ransom",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1971949,
	"plain_text": "Kia Motors America suffers ransomware attack, $20 million ransom\r\nBy Lawrence Abrams\r\nPublished: 2021-02-17 · Archived: 2026-04-02 12:14:05 UTC\r\nStory updated with Kia Motors America statement below.\r\nKia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor\r\nand not to leak stolen data.\r\nKia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has\r\nnearly 800 dealers in the USA with cars and SUVs manufactured out of West Point, Georgia.\r\nhttps://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/\r\nPage 1 of 7\n\nhttps://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/\r\nPage 2 of 7\n\nVisit Advertiser websiteGO TO PAGE\r\nYesterday, we reported that Kia Motors America was suffering a nationwide IT outage that has affected their mobile UVO\r\nLink apps, phone services, payment systems, owner's portal, and internal sites used by dealerships.\r\nWhen visiting their sites, users are met with a message stating that Kia is \"experiencing an IT service outage that has\r\nimpacted some internal networks,\" as shown below.\r\nA Kia owner tweeted that when they attempted to pick up their new car, a dealership told them that the servers were down\r\ndue to a ransomware attack.\r\n@Kia I went to the Kia dealership in Arizona and signed a new lease, yet the manager told me your computers\r\nhave been down for 3 days due to Ransomware and has affected Kia all over the USA. Can’t get my car for ????\r\nNow what?\r\n— Amybean  (@amylee62) February 16, 2021\r\nWhen we contacted Kia Motors America yesterday about these outages and ransomware reports, KMA told us that they\r\nwere working on resolving the outage.\r\n\"KMA is aware of IT outages involving internal, dealer and customer-facing systems, including UVO. 
We\r\napologize for any inconvenience to our customers and are working to resolve the issue and restore normal\r\nbusiness operations as quickly as possible.\" - Kia Motors America.\r\nIf you have first-hand information about this or other unreported cyberattacks, you can confidentially contact us on Signal\r\nat +16469613731 or on Wire at @lawrenceabrams-bc.\r\nKia was attacked by the DoppelPaymer ransomware\r\nToday, BleepingComputer obtained a ransom note that we were told was created during an alleged Kia Motors America\r\ncyberattack by the DoppelPaymer ransomware gang.\r\nIn a ransom note seen by BleepingComputer, the attackers state that they attacked Hyundai Motor America, Kia's parent\r\ncompany. Hyundai does not appear to be affected by this attack.\r\nKia Motors America ransom note\r\nSource: BleepingComputer\r\nThe ransom note contains a link to a private victim page on the DoppelPaymer Tor payment site that once again states the\r\ntarget is 'Hyundai Motor America.'\r\nThe Tor victim page says that a \"huge amount\" of data was stolen, or exfiltrated, from Kia Motors America and that it will\r\nbe released in 2-3 weeks if the company does not negotiate with the threat actors.\r\nDoppelPaymer is known for stealing unencrypted files before encrypting devices and then posting portions on their data leak\r\nsite to further pressure victims into paying.\r\nTor payment page for the Kia ransomware attack\r\nSource: BleepingComputer\r\nTo prevent the leak of the data and receive a decryptor, DoppelPaymer is demanding 404 bitcoins worth approximately $20\r\nmillion. 
If a ransom is not paid within a specific time frame, the amount increases to 600 bitcoins, or $30 million.\r\n404 bitcoin ransom demand\r\nSource: BleepingComputer\r\nThe DoppelPaymer operation has not indicated what type of data has been stolen. Based on the amount of Kia services\r\nsuffering an outage, we can expect a wide range of affected servers.\r\nThe stealing of unencrypted files has become a widely used tactic by ransomware operations to coerce victims to pay, with\r\nEmsisoft stating it has affected more than 1,300 companies globally.\r\n\"Globally, more than 1,300 companies, many US-based, lost data including intellectual property and other sensitive\r\ninformation. Note, this is simply the number of companies which had data published on leak sites and takes no account of\r\nthe companies which paid to prevent publication,\" states Emsisoft's 2020 State of Ransomware report.\r\nOther well-known victims attacked by DoppelPaymer in the past include Foxconn, Compal, PEMEX (Petróleos Mexicanos),\r\nthe City of Torrance in California, Newcastle University, Hall County in Georgia, Banijay Group SAS, and Bretagne\r\nTélécom.\r\nUpdate 2/17/21: In a statement to BleepingComputer, Kia Motors America has stated that they have seen no evidence that\r\nthey have suffered a \"ransomware\" attack.\r\nKia Motors America, Inc. (“Kia”) is currently experiencing an extended systems outage. Affected systems include the Kia\r\nOwners Portal, UVO Mobile Apps, and the Consumer Affairs Web portal. We apologize for any inconvenience to affected\r\ncustomers, and are working to resolve the issue as quickly as possible with minimal interruption to our business. We are also\r\naware of online speculation that Kia is subject to a “ransomware” attack. 
At this time, we can confirm that we have no\r\nevidence that Kia or any Kia data is subject to a “ransomware” attack.\r\nWe have once again reached out and asked if they were impacted by a \"cyberattack\" but have not heard back.\r\nHyundai also experienced outages\r\nAfter the publishing of this story, numerous Hyundai and dealership employees contacted BleepingComputer to state that\r\nHyundai was also affected by unexplained outages.\r\nIn emails sent by Hyundai Motors America to Kia dealerships on Saturday and seen by BleepingComputer, Hyundai stated\r\nthat multiple systems were down including their internal dealer site, hyundaidealer.com.\r\nBleepingComputer was also told that services used by dealer technicians were affected as well.\r\nSince then, some of these services have since been restored.\r\nIn a similarly worded statement as Kia, Hyundai told BleepingComputer that they have no evidence of a \"ransomware\"\r\nattack.\r\n\"At this time, we can confirm that we have no evidence of Hyundai Motor America’s involvement in a\r\n“ransomware” attack.\" - Hyundai Motors America\r\nBleepingComputer reached out to confirm if they were impacted by a cyberattack but has not heard back.\r\nThis is a developing story.\r\nSource: https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/"
	],
	"report_names": [
		"kia-motors-america-suffers-ransomware-attack-20-million-ransom"
	],
	"threat_actors": [],
	"ts_created_at": 1775434368,
	"ts_updated_at": 1775826780,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2ac48ba2593fe4adaaf22d4bbe8c1d5ac03f25a1.pdf",
		"text": "https://archive.orkl.eu/2ac48ba2593fe4adaaf22d4bbe8c1d5ac03f25a1.txt",
		"img": "https://archive.orkl.eu/2ac48ba2593fe4adaaf22d4bbe8c1d5ac03f25a1.jpg"
	}
}