Honda suffers suspected ransomware attack

The company says a 'security incident' caused disruption to its computer network and loss of connectivity

Japanese automaker Honda has been hit by a cyber attack which has impacted many of its business operations.

The attack happened on Sunday 7th June, and led to problems across Honda's IT networks in Europe and Japan.

According to multiple reports, cyber actors targeted a Honda server with SNAKE (Ekans) ransomware, aiming to cause damage to the company's computer network.

While the company has yet to confirm a ransomware attack, it has acknowledged a security incident which caused disruption to its computer network and loss of connectivity.

"Our information technology team is working quickly to assess the situation," Honda said in a statement.

The apparent cyber attack was also spotted on Monday by security software. A report was later published on the virustotal.com website.

Security researcher 'Milkream' said the sample of SNAKE ransomware submitted to VirusTotal checks for the internal Honda network name of "mds.honda.com". If it does not detect this domain it switches off.

Another security researcher, Vitali Kremez, told BleepingComputer that the ransomware sample contains a reference to the US IP address 170.108.71.15, which resolves to the 'unspec170108.amerhonda.com' hostname.

SNAKE ransomware operators have a history of targeting industrial control systems and demanding ransom after encrypting computers on the network. The ransomware usually steals data from compromised systems before deploying the encryption routine.

It encrypts all connected devices along with the targeted system, according to security experts, and has been designed with the ability to hide from many anti-malware solutions.

Last month, researchers warned that after a period of low activity SNAKE ransomware operators were launching a global cyber attack campaign, infecting organisations in its wake.

The latest cyber attack comes nearly three years after Honda was forced to suspend production at one of its manufacturing units in Japan after detecting ransomware in its network.

Last year, the automaker had to deal with another cyber incident in which a misconfigured ElasticSearch database leaked sensitive information about the company's internal systems and device data.

Justin Paine, the security researcher who discovered the unsecured database instance, revealed that the database contained more than 134 million records with 40GB worth of information related to Honda's global systems, as well as to the company's staff.

Paine said the leaky database could have provided criminals with an easy map for discovering the "soft spots" in Honda's network security.

Also last year, another open ElasticSearch database on the internet was discovered by security researcher Bob Diachenko. That database leaked information about Honda customers in North America.