Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, say researchers

Japanese car maker Honda has been hit by ransomware that disrupted its production of vehicles and also affected internal communications, according to reports.

The ransomware, of an as-yet unidentified strain, appeared to have spread through the multinational firm’s network. A Honda spokesman told the media it appeared to have “hit the company’s internal servers.”

Some Honda factories around the world were forced to suspend production, though output from Turkey, India, USA and Brazil locations remain on hold at the time of writing.

Sky News reported yesterday that Honda’s networks began to suffer “issues” on Monday, and that “the company believed it was the result of unauthorised attempts to breach its systems.”

A Honda spokesbeing told several outlets: “We can confirm some impact in Europe and are currently investigating the exact nature.”

Another statement from the firm today added: “Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities.”

In the meantime, multiple researchers have suggested the culprit was Ekans, with one Milkr3am, posting screenshots on Twitter of a sample submitted to VirusTotal today that checks for the internal Honda network name of “mds.honda.com”.

Professor Alan Woodward of the University of Surrey told El Reg: “With a just-in-time system you need only a small outage in IT to cause a problem. As it happens I think Honda have recovered quite quickly. A few countries’ facilities are still affected but they seem to be coming back very fast, which suggests they had a good response plan in place.”

The speed at which the malware spread in Honda’s network indicates that some the company has centralised functions, “the usual culprits are finance,” he added.

Source: Hospital-busting hacker crew may be behind ransomware attack that made Honda halt car factories, say researchers • The Register