Date: 2021-02-18

Kia Motors has suffered a ransomware attack by the DoppelPaymer gang. The gang is demanding $20 million for a decryptor and for not leaking stolen data, and has given 2-3 weeks if the company does not negotiate with the threat actors. Cybersecurity experts comment below on the danger of ransomware.
Experts Comments
DoppelPaymer is a problematic strain we have witnessed successfully infiltrating numerous large-scale global organisations in recent times: a strain which is infamous for its initial immense ransom demands, often negotiated to a much smaller amount if the organisation chooses to pay.
Unfortunately for Kia there is no guarantee that if the ransom is paid, DoppelPaymer’s operators shall not leak any sensitive data.
Whichever eventuality the company selects, as stressful as the situation will currently be for Kia, for the salvation of the company’s reputation the priority going forward needs to be their clients and shareholders. Communication is key.
Unfortunately, these types of attacks are becoming all too common. DoppelPaymer and others are immensely more profitable when they target large organisations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner's portals, and internal dealership sites. These ransomware scenarios should be factored into an organisation’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption. Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence should be used to protect IT and operational environments from ransomware.
If news reports are accurate, Kia Motors has long since passed the panic mode in dealing with a massive ransomware attack that has affected operations for more than five days. From afar, it appears the attackers have taken Kia Motors to its knees. Think about the scale of the problem for a company of this size with tens of thousands of employees and thousands of dealerships. Every additional hour and day they are incapacitated is costing the company tens of millions of dollars that will not be recouped. While details are scant at this time, Kia's transparency about the attack is extremely important so that as an industry we can understand how the threat actors were successful and what can be done to eliminate the risk in the future. I've said it many times over the years, but at some point these wide-scale and massive cyber attacks will be a wake-up call for companies to improve their security posture and roll out around-the-clock threat hunting services to increase the likelihood malicious activity can be uncovered in the beginning stages of an attack and stopped before material losses occur.
The very recent ransomware attack on Kia Motors America demonstrates just how important it is for every organization to rethink data security. Threatened with an imminent leak of stolen data, Kia must now assess just how much sensitive information might be released if they don’t meet the terms of the threat actors. Hopefully they are able to navigate this situation effectively with minimal damage.
The ironic thing is that enterprises can avoid the threat of leaked hijacked data simply by taking a data-centric approach to protecting sensitive information. Using tokenization or format-preserving encryption, businesses can obfuscate any sensitive data within their data ecosystem, rendering it incomprehensible no matter who has access to it. These reports should all be treated as cautionary tales, as an enterprise might find themselves in the same boat without the proper data-centric approach.
@Trevor Morgan, Product Manager, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
https://informationsecuritybuzz.com/expert-comments/experts-reaction-on-kia-motors-suffers-ransomware-attack