Honda suffers Ekans ransomware attack
Various news reports have claimed that automotive giant
Honda suffered an Ekans ransomware attack targeting its offices in the U.S.,
Europe, and Japan that forced many offices to shut down this week.
According to reports, hackers targeted a Honda server with
the Ekans malware and reportedly inflicted some damage, considering that
workers in Honda's locations in the United States were sent home after it was
discovered that computers and other devices were rendered non-functional.
While Honda is yet to confirm if it suffered a ransomware
attack, it admitted that it did suffer a security incident but refused to
reveal any more information, stating that the incident is under investigation.
"This is currently under investigation, to understand the
cause. At this point, there is no effect on either Japanese production or
dealer activities, and no customer impact. In Europe, we are investigating to
understand the nature of any impact. We can confirm some impact in Europe and
are currently investigating the exact nature," said a Honda spokesman.
According to NBC News, the ransomware attack was first
discovered on Sunday, and on Monday, Honda put production on hold in certain
locations to deal with a disruption in its computer network. Security firm Virus
Total said it has evidence of hackers creating a customised ransomware to gain
access to and encrypt a Honda internal server and demand ransom in exchange for
giving the encryption key.
"On Sunday, June 7, Honda experienced a disruption in
its computer network that has caused a loss of connectivity, thus impacting our
business operations. We have canceled some production today and are currently
assessing the situation," a spokesman said.
According to security researchers, the Ekans ransomware that
was used to target Honda is a variant of the Snake ransomware that was recently
used to target Germany-based Fresenius Group, Europe's largest private hospital
operator, with devastating effect.
Fresenis Group provides dialysis products and services
across a large number of hospitals in the United States and Europe. In May, the
hospital chain announced that it was "postponing surgical procedures when
medically justifiable and thereby expanding its capacity to care for COVID-19
patients".
Commenting on the latest ransomware attack targeting Honda,
Neil Stobart, VP Engineering at Cloudian, told Teiss that a viable means of
ransomware protection is WORM (write once, read many) storage technology that
allows organisations to make immutable “locked” copies of their data.
"These copies can still be read but cannot be altered
for a set period of time, even if hackers do somehow manage to exploit a
vulnerability in the system. And gone are the days when WORM storage required
special hardware and workflows.
"Now, it can be leveraged by enterprise storage systems
more widely through a new feature called Object Lock, with automated workflows
allowing ransomware protection at the device level and eliminating the need to
separately manage protected copies of data," he added.
Comments
Post a Comment