Honda Forced to Shut Plant After WannaCry Returns

Japanese carmaker Honda has admitted it was forced to briefly shut down a manufacturing plant after finding WannaCry ransomware on its network weeks after the threat first struck around the world.

The firm is said to have pulled the plug at its Sayama plant on Monday after discovering a day earlier that the notorious ransomware was present on machines in Japan, North America, Europe, China and elsewhere.

A spokeswoman told Reuters that the firm had worked to patch systems against the threat when it emerged in mid-May.

Those efforts appear to have failed spectacularly, although the Sayama factory, which is said to produce 1000 vehicles per day, apparently reopened a day later and other plants were not affected.

WannaCry shook organizations across the globe when it landed on May 12, exposing poor patch management and a lack of basic security hygiene.

Official figures are difficult to come by, but two days after it broke, the threat had infected 200,000 victims in 150 countries, according to Europol.

Security experts were keen to stress the importance of prompt and comprehensive patching following the Honda incident.

“This latest incident reminds us that our efforts to defend our organizations against emerging threats is continuous. Regular review of all systems and their communication protocols is necessary and, more importantly, a thorough analysis of access controls,” advised One Identity UK director, Andrew Clarke.

“Often in organizations individuals are provisioned to access systems for short periods and are never deprovisioned, which means over time they get excessive access that can be damaging to the business if misused. Tools to control and manage overall access are critical. Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security."

Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, added that Honda was right to cease production.

“The safety of employees should be of utmost concern,” she said. “However this incident could have been prevented with basic security hygiene, a patch management program and automatic updates to systems."

What’s Hot on Infosecurity Magazine?