You are referring to a real and highly publicized cybersecurity incident that occurred in February 2021. The “car firm” in question was Kia Motors (specifically Kia Motors America, part of the broader Hyundai Motor Group).
Here is the context and a breakdown of the event as reported by BleepingComputer and other cybersecurity outlets:
The Incident
- The Target: Kia Motors America.
- The Threat Actor: DoppelPaymer, a notorious ransomware gang known for “double extortion” (encrypting data and threatening to leak it if the ransom isn’t paid). DoppelPaymer is widely believed by cybersecurity researchers to be affiliated with the Russian-speaking cybercrime syndicate Evil Corp.
- The Demand: The gang demanded a ransom of 404 BTC (Bitcoin). At the time of the attack in early 2021, this was equivalent to roughly $15.4 million to $18 million USD, depending on Bitcoin's exchange rate on a given day.
- The Deadline: DoppelPaymer reportedly gave Kia a strict deadline to pay the ransom, threatening to publish stolen internal documents and sensitive data on their dark web leak site if the demand was not met.
The Impact
The ransomware attack caused significant operational disruptions for Kia. It reportedly took down internal IT systems, affecting the company’s ability to communicate internally, process parts orders, and manage dealer networks across the United States. Kia dealerships were forced to resort to pen and paper to track sales and inventory while the systems were offline.
The Company’s Response and Aftermath
- Initial Denial: Initially, Kia downplayed the incident, issuing statements that described the event as a routine “IT system outage” and denying that a ransomware attack had taken place or that customer data was compromised.
- The Leak: When the ransom was reportedly not paid (or negotiations broke down), DoppelPaymer followed through on their threat. The gang added Kia to their dark web data leak site and began publishing internal documents, which included financial records, internal memos, and supplier information.
- Eventual Admission: Following the data leak and mounting evidence from cybersecurity researchers, Kia eventually acknowledged that they had suffered a cyberattack that disrupted their systems, though they maintained that no customer personally identifiable information (PII) was compromised.
Broader Context
This attack was part of a massive surge in ransomware attacks against the global automotive and manufacturing supply chains in 2020 and 2021. Cybercriminal groups like DoppelPaymer targeted these firms because their “just-in-time” manufacturing and heavily integrated dealer networks make downtime incredibly costly, thereby increasing the likelihood that the victim will pay a massive ransom to restore operations.
(Note: The DoppelPaymer ransomware operation has since rebranded and splintered into other offshoots, such as LockBit and Grief, as law enforcement pressure on their infrastructure increased in the years following this attack.)