10th June 2020, Kathmandu
Honda Motor Company has stopped production after a cyberattack that security researchers suspect to be ransomware.
The company said that the attack has affected its ability to access computer servers, use email, and use internal systems. “There is also an impact on production systems outside of Japan,” it added.
Due to this, Honda faced a setback in manufacturing at some of its plants around the globe on Tuesday.
The Japanese vehicle manufacturing company is one of the largest in the world. In fact, it employs over 200,000 staff with plants in the U.K., North America, and Europe.
The company confirmed the cyberattack, adding that there is no evidence of loss of ‘personally identifiable’ information. Moreover, Honda claims that it has resumed production in most plants.
But its main plant in Ohio, as well as its plants in Turkey, India, and Brazil, are still closed. Currently, it is working towards resuming production at its auto and engine plants in Ohio.
SNAKE Ransomware Might Be the Culprit
Reports suggest that the incident may be related to a SNAKE ransomware attack. The company declined to provide details, revealing only that its IT network isn’t operating properly.
A company spokesperson also confirmed that there is no impact on Honda customers. “In Europe, we are investigating to understand the nature of any impact,” Honda said.
How does SNAKE ransomware work?
This ransomware is like any other file-encrypting malware. It basically scrambles files and documents and holds them hostage for a ransom.
The ransom is expected to be paid in cryptocurrency.
However, Honda claims that there was no evidence that data had been exfiltrated.
A security researcher, Milkream, found a sample of the SNAKE (EKANS) ransomware uploaded to VirusTotal that references an internal Honda subdomain, “mds.honda.com”.
Moreover, security researcher Vitali Kremez said that the ransomware also contains a reference to the US IP address 220.127.116.11.
This particular IP address resolves to the hostname, ‘unspec170108.amerhonda.com’.
Thus, this evidence serves as an indicator that Honda faced a network outage due to the SNAKE ransomware attack.
SNAKE Ransom Note from the Samples (credit: milkream)
BleepingComputer got in touch with SNAKE ransomware operators to further investigate the incident. “While they did not admit to the attack, they did not deny it either” – BleepingComputer
The operators did not share details about the attack in order to “allow target some deniability”. However, they said that this will change as time passes.