Transportation

Computer network ‘disruption’ forces Honda to cancel some production

Honda IT personnel are still working the incident. Outside analysts suspect ransomware.

June 9, 2020

Cybersecurity researchers said that malicious software samples associated with the incident suggested a ransomware attack had occurred at Honda. (Getty Images)

A “disruption” to Japanese carmaker Honda’s computer network forced the company to cancel some production operations on Monday, according to a company spokesperson.

The incident occurred Sunday and Honda’s IT personnel are still responding to the situation, Honda spokesman Chris Abbruzzese told CyberScoop. He declined to answer questions on the cause of the incident or where it was affecting the company geographically. But another statement from Honda to the BBC said the incident has “also [had] an impact on production systems outside of Japan.”

Cybersecurity researchers said that malicious software samples associated with the incident suggested a ransomware attack had occurred.

Vitali Kremez, a strategic adviser to cybersecurity company SentinelOne, said he suspected a strain of ransomware known as Snake or EKANS was the cause of the incident. The ransomware appears to have been coded to check that it was on Honda’s networks before executing, Kremez said. EKANS ransomware emerged last December and is known for being used in attacks on industrial companies.

It is unclear who is behind the malware.

This would not be Honda’s first experience with a significant ransomware infection. The global outbreak of the WannaCry ransomware in 2017 halted production at a Honda plant in Japan.