Honda may have been hit by a ransomware attack

(Image credit: Future)
Audio player loading…

Honda is reportedly the latest company to fall victim to the SNAKE ransomware which has affected its computer networks in Europe and Japan following a cyberattack.

At the moment, details are still unclear regarding the incident but the company has begun an investigation concerning the recently detected problems with its network. In a statement to BleepingComputer (opens in new tab), a Honda spokesperson confirmed that its IT network is not functioning properly, saying:

“Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause. In Europe, we are investigating to understand the nature of any impact”

Thankfully though, the issues have not affected Honda's production in Japan or its dealerships. The company spokesperson also said that Honda customers have not been impacted by the issues with its IT network.

SNAKE ransomware

Although Honda is still investigating the incident and the company has yet to provide any substantial details on what happened, a security researcher named Milkream (opens in new tab) has discovered that a sample of the SNAKE ransomware was submitted to VirusTotal which checks for Honda's internal network name of “mds.honda.com”.

During its analysis of the sample, BleepingComputer discovered that the ransomware would start and exit immediately without encrypting any files. The researcher explained to the news outlet that this is because the ransomware tries to resolve the domain of Honda's internal network and when it fails to do so, it terminates without encrypting any files.

It is still unclear as to how many of the Japanese auto maker's systems are affected but SNAKE is known to steal a victim's data before deploying its encryption routine.

Privacy advocate at Comparitech, Paul Bischoff provided more details on how Honda may have been infected with the SNAKE ransomware, saying:

“Based on the limited information Honda has released about the attack, this looks like the result of ransomware. Given that many operations are shut down, but no data was stolen, ransomware is the most obvious culprit. Attackers might have tricked a Honda employee into clicking a link that downloaded a ransomware-infected file, for example. If Honda has proper backup systems in place, it should be able to mitigate the effect of the attack and resume operations with minimal downtime. Honda is a huge company, though, so any downtime incurs large losses even if the company chooses not to pay the ransom.”

Via BleepingComputer (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.