Japanese carmaker Honda has been hit by a cyberattack that has halted production at several factories around the world.
The attack, suspected to be ransomware but not confirmed by Honda, has also affected internal communications systems such as email.
“At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable,” the company said in a statement posted on Twitter.
“We are working to resolve the issue as quickly as possible. We apologise for the inconvenience and thank you for your patience and understanding.”
Honda is one of the largest vehicle manufacturers in the world and makes cars, motorcycles and generators, among others.
The firm confirmed to the BBC that production at its UK plant has come to a halt as a result of the cyberattack. Operations in North America, Turkey, Italy and Japan have also been affected.
Honda said it was aiming to get some systems back up and running by the end of the day.
Sky News first reported that Honda was experiencing IT disruption on Monday.
At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible. We apologize for the inconvenience and thank you for your patience and understanding.
— Honda Automobile Customer Service (@HondaCustSvc) June 8, 2020
Ransomware suspected in Honda cyberattack
Security researchers suspect Ekans, a derivative of the Snake ransomware, is responsible for crippling Honda’s systems.
“It is unusual in that it is one of the few pieces of ransomware that has ability to target industrial control systems,” said professor Alan Woodward of the University of Surrey, speaking to The Register. “It was used with devastating consequences against a German firm not long ago.”
Oz Alashe, CEO of security firm CybSafe, said: “The virus impacting Honda is part of the SNAKE ransomware family, which targets an entire network rather than individual workstations. Honda’s global operations have already been disrupted, and while some systems appear to be back online, it’s likely that rolling back up to full operations will take some time.”
In August 2019 Honda left a database containing 134 million rows of systems data – much of it highly sensitive – exposed without any password protection online.
This included technical details of Honda computers, including IP addresses, operating systems, unique network identifiers and security solutions and patches.
It is possible that the data exposed during this previous security lapse gave the attackers the necessary information to carry out this week’s attack – although this has not been confirmed.
Three years ago Honda suspended production at a plant in Japan after discovering ransomware in its IT network.
“This attack comes at a challenging moment for the automaker, with the business already facing added financial pressure from coronavirus and reduced demand for its goods,” added Alashe.