Honda reportedly has been forced to shut down some of its
plants around the world following a cyberattack of unknown origin.
Honda’s auto plants in Ohio (United States) and Turkey,
along with a couple of motorcycle plants in South America and India, halted production
after a
cyberattack hit the infrastructure. The company has yet to say why
the type of cyberattack was responsible for the shutdown, only that they are
working to fix the situation.
This is not the first time cyberattack to seriously
affect Honda. In 2017, it was one of many companies that fell prey to the
WannaCry ransomware. According to a report from Bleeping Computer, the latest
information indicates that another ransomware is to blame, but this time it’s
Snake (EKANS).
An analysis from milkream
supports the idea that Honda might be victim of another ransomware attack.
Someone from the mds.honda.com domain checked a sample of the ransomware on
Virustotal. While it’s not definitive proof, milkream also posted the alleged
ransom note.
The disruption of the company’s operations comes at a
very early stage in the restart operations. Much of Honda’s production was shut
down during the COVID-19 pandemic, and it’s just starting back up. Moreover,
some plants have yet to open, and now, with the cyberattack to deal with, it
will take a while for the company to resume normal production.
Ransomware attacks are surging in 2020, with many groups
employing new tactics, such as stealing private data before encrypting the
systems and using that information to blackmail victims. The latest reports
from Honda don’t indicate any kind of data exfiltration or that private data
was accessed from the outside, but it’s still early in the investigation.