DoppelPaymer Ransomware Attack Sinks a Global Motor Company’s $20 Million
The DoppelPaymer gang is on a fresh bounty hunt. Fraud, followed by data theft and ransomware attacks, is the leading cryptocurrency-based security hazard for modern data-driven companies. As a global motor company found out, its internal and customer-facing systems were crippled by a new ransomware group: DoppelPaymer.
Kia Motors America, headquartered in Irvine, CA, with nearly 800 dealers in the USA and cars and SUVs manufactured in West Point, Georgia, has suffered a ransomware attack by the DoppelPaymer gang, which is demanding $20 million for a decryptor and for not leaking the stolen data. The attack became public after Kia Motors America portals suffered major outages and its customer-facing systems across the country were blocked.
How DoppelPaymer Works
The gang hunts down unencrypted files and devices, locks them using advanced encryption, and then pressures the victim to pay a ransom to restore the ‘status quo’, that is, to bring operations back to their pre-attack state. The gang warns that it will leak the data if the ransom is not paid, or will infiltrate further into unsecured devices and systems. The victim has no option but to pay the ransom through international payment sites or in bitcoin. According to a source, the gang asked for 404 bitcoins, translating to $20 million USD.
We spoke to cybersecurity experts about the DoppelPaymer ransomware attack, which sank a speculated $20 million for Kia Motors America.
According to Mr. Andrea Carcano, Co-Founder of Nozomi Networks:
“Unfortunately, these types of attacks are becoming all too common; DoppelPaymer and others are immensely more profitable when they target large organizations and disrupt their critical IT operations – in this case, KIA’s mobile UVO Link apps, payment systems, owner’s portals, and internal dealership sites.
These ransomware scenarios should be factored into an organization’s incident response and business continuity plans. Beyond a technical response, decision makers need to be prepared to weigh the risks and consequences of alternate actions. Ransomware threat actors typically rely on spear phishing links or vulnerable public services to gain initial entry into a network. Afterward, they move laterally to gain access to as many nodes of the network as possible, allowing them to increase the magnitude of the disruption.
Cybersecurity best practices such as strong segmentation, user training, proactive cyber hygiene programs, multi-factor authentication and the use of continuously updated threat intelligence should be used to protect IT and operational environments from ransomware.”
Ad Zlotikin, GeoEdge’s VP of Security and Data, spoke to us about the recent Morphixx scam.
The dark web and its dangerous affiliates are built on social engineering and privatized ransomware syndicates.
Ad says, “From our experience, the countries which have been most negatively impacted are also the countries with the highest incomes because there simply is more money to steal. These countries include Japan, Australia, and New Zealand as well as the United States and Canada, the UK, France, Netherlands, Belgium, Germany, Switzerland, Austria, Italy, Spain, Portugal, and the Scandinavian countries. These countries tend to be more advanced in their use of the Internet, too.
Now, we’re starting to see more attacks in other high-income countries including the Gulf states in the Middle East, as well as in emerging markets in South America, Asia, and Eastern Europe.”
The role of AI and blockchain in detecting, identifying, and preventing malvertising and credit card scams is beginning to get attention from cybersecurity professionals.
Ad says, “At the core of GeoEdge’s patented behavioral code analysis solution are AI and machine learning technologies, which our team developed to help us uncover malicious advertising scams. The technology enables detecting the different patterns inherent in malicious advertising versus malware-free advertising so that we can uncover the malicious attacks and stop them from running on our publisher clients’ websites and apps. As malicious scammers have become more technologically advanced and sophisticated as marketers, we keep developing and updating our AI and machine learning technologies.”