Honda suffers Ekans ransomware attack

Various news reports have claimed that automotive giant Honda suffered an Ekans ransomware attack targeting its offices in the U.S., Europe, and Japan that forced many offices to shut down this week.

According to reports, hackers targeted a Honda server with the Ekans malware and reportedly inflicted some damage, considering that workers in Honda's locations in the United States were sent home after it was discovered that computers and other devices were rendered non-functional.

While Honda is yet to confirm if it suffered a ransomware attack, it admitted that it did suffer a security incident but refused to reveal any more information, stating that the incident is under investigation.

"This is currently under investigation, to understand the cause. At this point, there is no effect on either Japanese production or dealer activities, and no customer impact. In Europe, we are investigating to understand the nature of any impact. We can confirm some impact in Europe and are currently investigating the exact nature," said a Honda spokesman.

According to NBC News, the ransomware attack was first discovered on Sunday, and on Monday, Honda put production on hold in certain locations to deal with a disruption in its computer network. Security firm Virus Total said it has evidence of hackers creating a customised ransomware to gain access to and encrypt a Honda internal server and demand ransom in exchange for giving the encryption key.

"On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations. We have canceled some production today and are currently assessing the situation," a spokesman said.

According to security researchers, the Ekans ransomware that was used to target Honda is a variant of the Snake ransomware that was recently used to target Germany-based Fresenius Group, Europe's largest private hospital operator, with devastating effect.

Fresenis Group provides dialysis products and services across a large number of hospitals in the United States and Europe. In May, the hospital chain announced that it was "postponing surgical procedures when medically justifiable and thereby expanding its capacity to care for COVID-19 patients".

Commenting on the latest ransomware attack targeting Honda, Neil Stobart, VP Engineering at Cloudian, told Teiss that a viable means of ransomware protection is WORM (write once, read many) storage technology that allows organisations to make immutable “locked” copies of their data.

"These copies can still be read but cannot be altered for a set period of time, even if hackers do somehow manage to exploit a vulnerability in the system. And gone are the days when WORM storage required special hardware and workflows.

"Now, it can be leveraged by enterprise storage systems more widely through a new feature called Object Lock, with automated workflows allowing ransomware protection at the device level and eliminating the need to separately manage protected copies of data," he added.