Honda Has Fallen Victim to a Ransomware Attack and Disrupted Production

• Honda’s plant in Ohio has halted production as the Japanese carmaker has detected a ransomware infection.
• Not many details have been disclosed officially, but it looks like this is the work of Ekans/SNAKE ransomware actors.
• Honda leaked crucial data last year, and some of it might have been utilized to set up and launch this attack.

The “Honda Motor Company” is investigating the possibility of having been infected by ransomware. The Japanese automaker has made a relevant statement to “The Detroit Bureau,” saying that the company detected suspicious activity on June 7, 2020, partially losing connectivity with its computer network in Japan and Europe. This has resulted in the sudden disruption of the production of cars in an undisclosed number of Honda factories - a measure that was taken to contain the infection. One plant that has been confirmed as impacted is that in Marysville, Ohio.

While they didn’t want to elaborate further, for the time being, some leaks hit Twitter, revealing that the ransomware strain that hit Honda was “Ekans.” As for the ransom note, it claims “unbreakable” AES-256 and RSA-2048 encryption and urges the victim to contact the actors at “CarrolBidell@tutanota.com” to pay for a decryption tool. Ekans is a version of the SNAKE ransomware, and a strain that hasn't engaged in the latest trend of stealing files to perpetuate the extortion process. That said, Honda may consider itself somewhat lucky this time.

#Honda and #Enelint became next victims of #Ekans #Ransomwarehttps://t.co/HAYyF4i8Xphttps://t.co/4mZz84lYrV

— milkream (@milkr3am) June 8, 2020

Still, since all automakers are in a tough financial position right now considering COVID-19 slashed their sales down to scrimp levels, this is not an ideal time to deal with IT systems and business disruption. The Q1 results that were recently announced by Honda have painted a dire picture, with the global sales collapsing to a total of $51.9 million. In India, the company announced the dispatching of 375 units during April 2020, while for the same period last year, they sold 11,442 units. This is a plunge of 97%, indicative of the current situation in the field.

Honda has found itself at the epicenter of security and data breaches numerous times in the past. In December 2019, we reported about an unprotected database belonging to “Honda North America,” which exposed at least 26,000 records of Honda vehicle owners. In August 2019, Honda accidentally exposed 40GB of data that involved private employee information and confidential corporate data. In 2017, the wave of WannaCry swept Honda’s production at the Sayama plant in Tokyo. In general, the Japanese carmaker hasn’t been doing very well in the field of cybersecurity. The analysis of the leaked data shows that the malware used in the recent attack was tailored for Honda’s systems. Maybe one of the previous leaks has proven to be useful for the infiltrators now, and this is why every little piece of data that is published matters when it comes to security.