The car and motorcycle manufacturer had to stop production in several countries: Apparently a relatively new encryption Trojan designed for industrial plants is responsible.
The Japanese company Honda, which produces cars, motorcycles and lawnmowers, among other things, had to stop parts production due to a malware attack. The BBC confirmed that facilities in North America, the UK, Italy and Turkey are affected. According to the “Bloomberg” news agency, motorcycle production facilities in India and South America are also paralyzed.
The company describes the incident as follows: After a hacker attack, there are problems accessing internal servers, e-mails and other services, as a result of which sales, development and production systems are affected, at least outside of Japan. A virus had spread across the network, but no data leak was found and the damage to the business was currently “minimal”.
It remains to be seen whether that will remain the case. It is difficult to say whether the malware can be removed quickly and thoroughly from Honda’s systems in such a spread. The fact that no data outflow was observed does not mean that there was none. And what the perpetrators planned or intended to do is still not clear. At least there is a clear indication of who is behind the attack.
Ransomware gangs are now also threatening to publish data
A security researcher has discovered that someone has uploaded a virus sample from ransomware known as Snake or Ekans (Snake backwards) to VirusTotal – apparently to check what antivirus software it would use.
The uploaded malware variant checks whether it can access a specific Honda internal address. If it cannot, it remains inactive. If it can access it, it realizes that it is on Honda’s intranet and starts encrypting files.
The magazine “Bleeping Computer” was able to contact the backers. They announced somewhat clumsily that there would be news about the case soon.
Snake / Ekans is an encryption Trojan just a few months old, but it can do massive damage. The ransomware is not only designed to cripple industrial control systems (ICS), but recently, developers are also claiming that they tap data before they start encrypting. Those who do not pay a ransom must therefore expect internal data to be published by the perpetrators – this scam has become increasingly popular among criminals recently.
In early May, IT security journalist Brian Krebs reported that German hospital operator Fresenius had been the victim of a Snake / Ekans attack. Fresenius later admitted that there had been a successful attack, but patient care was not at risk.
