Honda Tackling Suspected Ransomware Infection

Written by

Honda is investigating a cyber-attack on its IT network in Europe which researchers are claiming is Ekans ransomware.

The carmaker has issued a brief statement after problems were uncovered on Sunday, confirming there was an issue with its network.

It said it had “experienced a disruption in its computer network that has caused a loss of connectivity, thus impacting our business operations.

“Our information technology team is working quickly to assess the situation,” it added, according to The Detroit Bureau.

However, on Twitter, security researchers were less circumspect. One, known as @milkr3am, posted several screenshots including one with purported Ekans (aka Snake) code that checks specifically for the domain, indicating that this variant has been specially customized to target the firm.

They also posted a ransom note, which requests the victim organization to get in touch with a secure Tutanota email address to discuss purchasing the private decryption key, which it says was “created specifically for your network.”

Alongside these are links to Virus Total which apparently show the code detected by 40 out of 71 vendors as Snake or Ekans ransomware.

This isn’t the first time Honda’s cybersecurity posture has come under scrutiny. Back in 2011 its American arm admitted to a data breach which compromised the personal details of over two million customers.

Then in 2019, the carmaker suffered two separate incidents. In July a researcher discovered an exposed Elasticsearch instance leaking 134 million corporate documents (around 40GB of data). Then in December, a similar incident exposed around 26,000 unique customer records from the firm’s North American business.

“Unfortunately, conventional approaches to ransomware threats tend to be minimally effective. Employee training can never completely remove the potential for human error, while software designed to stop malware rapidly becomes obsolete as threats and their identifying signatures evolve,” explained Cloudian VP of engineering, Neil Stobart.

“As such, organizations often encrypt data as a safeguard against ransomware. However, while encryption can be useful where cyber-criminals just want to access and share the data itself, in the case of ransomware, they can simply re-encrypt the data to prevent access by its rightful owner.”

What’s hot on Infosecurity Magazine?