June 9, 2020

Cyberattack halts Honda production, ransomware suspected

By Robert Scammell

Japanese carmaker Honda has been hit by a cyberattack that has halted production at several factories around the world.

The attack, suspected to be ransomware but not confirmed by Honda, has also affected internal communications systems such as email.

“At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable,” the company said in a statement posted on Twitter.

“We are working to resolve the issue as quickly as possible. We apologise for the inconvenience and thank you for your patience and understanding.”

Honda is one of the largest vehicle manufacturers in the world and makes cars, motorcycles and generators, among others.

The firm confirmed to the BBC that production at its UK plant has come to a halt as a result of the cyberattack. Operations in North America, Turkey, Italy and Japan have also been affected.

Honda said it was aiming to get some systems back up and running by the end of the day.

Sky News first reported that Honda was experiencing IT disruption on Monday.

Ransomware suspected in Honda cyberattack

Security researchers suspect Ekans, a derivative of the Snake ransomware, is responsible for crippling Honda’s systems.

“It is unusual in that it is one of the few pieces of ransomware that has ability to target industrial control systems,” said professor Alan Woodward of the University of Surrey, speaking to The Register. “It was used with devastating consequences against a German firm not long ago.”

Oz Alashe, CEO of security firm CybSafe, said: “The virus impacting Honda is part of the SNAKE ransomware family, which targets an entire network rather than individual workstations. Honda’s global operations have already been disrupted, and while some systems appear to be back online, it’s likely that rolling back up to full operations will take some time.”

In August 2019 Honda left a database containing 134 million rows of systems data – much of it highly sensitive – exposed without any password protection online.

This included technical details of Honda computers, including IP addresses, operating systems, unique network identifiers and security solutions and patches.

It is possible that the data exposed during this previous security lapse gave the attackers the necessary information to carry out this week’s attack – although this has not been confirmed.

Three years ago Honda suspended production at a plant in Japan after discovering ransomware in its IT network.

“This attack comes at a challenging moment for the automaker, with the business already facing added financial pressure from coronavirus and reduced demand for its goods,” added Alashe.

Read more: Honda database exposure “a hacker’s dream”, leaving company secrets open to the world

Verdict deals analysis methodology

This analysis considers only announced and completed cloud-deals deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: ,