Honda in Recovery Mode after Monday’s Cyberattack


Honda has confirmed a cyberattack on its corporate computer networks that has brought some of its worldwide operations to a standstill. According to a statement, “Work is being undertaken to minimize the impact and to restore full functionality of production, sales and development activities.” The company also says no data has been breached, only held for ransom, hence the term “ransomware.”

“Snake” ransomware encrypts files and documents and holds them for ransom, usually demanding payment in some form of untraceable cryptocurrency.

According to TechCrunch and Brett Callow, a threat analyst at Emsisoft, the malware was uploaded to VirusTotal, a malware analysis service. It referenced an internal Honda subdomain.

“The ransomware will only encrypt files on systems capable of resolving this domain but, as the domain does not exist on the clear net, most systems would not be able to resolve it. Mds.honda.com may well exist on the internal nameserver used by Honda’s intranet, so this is a fairly solid indicator that Honda was indeed hit by Snake,” said Callow.

Work at a U.K. plant has been suspended, as have other operations in North America, Turkey, Italy and Japan.

Beazley, a business insurer, told the BBC that it has seen a 25% spike in ransomware in the first quarter of 2020, suggesting hackers are using COVID-19-related lures to get people to download malware.

“Organizations must ensure their security systems and protocols are up to date and ensure that colleagues working from home are extra-vigilant,” said the firm’s Katherine Keefe.

“At this point, we see minimal business impact,” Honda says.

We've contacted Honda for the latest developments and will update this story as it evolves.
