Dive Brief:
- Honda's customer and financial services were disrupted Monday following a cyberattack, according to a company announcement and spokesperson. The malware spread throughout the company's networks, though Honda said no data was compromised.
- Honda "resumed production in most plants," a company spokesperson told CIO Dive Tuesday. The company had suspended operations at plants in the United Kingdom, North America, Turkey, Italy and Japan, according to the BBC.
- The company is working to "return to production" in its Ohio auto and engine plants, according to the spokesperson. The cyberattack initially rendered Honda's computer servers, email and other internal systems inaccessible, reported BBC.
Dive Insight:
While Honda's internal investigation and remediation is ongoing, cybersecurity professionals are speculating the attack was ransomware, reported Bleeping Computer.
Security researchers found evidence Snake "checks for the internal Honda network name of '"mds.honda.com,'" according to the report. When the ransomware cannot "resolve" the indicated domain, the ransomware is terminated without file encryption.
Snake relies on targets to ask for the decryption key from its operators. The ransomware is written in Golang and "uses a high level of obfuscation," according to McAfee. The ransomware "kills" processes linked to supervisory control and data acquisition and industrial control systems.
"Given that many operations are shut down, but no data was stolen, ransomware is the most obvious culprit," said Paul Bischoff, privacy advocate with Comparitech, in an email to CIO Dive. If Honda has reliable backup systems, the downtime will be minimal.
"Honda is a huge company, though, so any downtime incurs large losses even if the company chooses not to pay the ransom," Bischoff said.
With offices globally, some of the company's workforce — upwards of 219,000 employees — went remote, which could "negatively affect our business, particularly if our infrastructure and information technology systems are not capable of supporting" the workforce, according to Honda's latest SEC filing.
As ransomware circulates, Honda's cyberattack could be the latest linked to supply chain-style attacks. Honda manufactures cars as well as generators and equipment for specific industries.