Honda is reportedly the latest company to fall victim to the SNAKE ransomware which has affected its computer networks in Europe and Japan following a cyberattack.
At the moment, details are still unclear regarding the incident but the company has begun an investigation concerning the recently detected problems with its network. In a statement to BleepingComputer (opens in new tab), a Honda spokesperson confirmed that its IT network is not functioning properly, saying:
“Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause. In Europe, we are investigating to understand the nature of any impact”
- SNAKE ransomware looks to encrypt an entire business network
- Linux and Windows systems targeted by new Tycoon ransomware
- Also check out the best ransomware protection
Thankfully though, the issues have not affected Honda's production in Japan or its dealerships. The company spokesperson also said that Honda customers have not been impacted by the issues with its IT network.
Although Honda is still investigating the incident and the company has yet to provide any substantial details on what happened, a security researcher named Milkream (opens in new tab) has discovered that a sample of the SNAKE ransomware was submitted to VirusTotal which checks for Honda's internal network name of “mds.honda.com”.
During its analysis of the sample, BleepingComputer discovered that the ransomware would start and exit immediately without encrypting any files. The researcher explained to the news outlet that this is because the ransomware tries to resolve the domain of Honda's internal network and when it fails to do so, it terminates without encrypting any files.
It is still unclear as to how many of the Japanese auto maker's systems are affected but SNAKE is known to steal a victim's data before deploying its encryption routine.
Privacy advocate at Comparitech, Paul Bischoff provided more details on how Honda may have been infected with the SNAKE ransomware, saying:
“Based on the limited information Honda has released about the attack, this looks like the result of ransomware. Given that many operations are shut down, but no data was stolen, ransomware is the most obvious culprit. Attackers might have tricked a Honda employee into clicking a link that downloaded a ransomware-infected file, for example. If Honda has proper backup systems in place, it should be able to mitigate the effect of the attack and resume operations with minimal downtime. Honda is a huge company, though, so any downtime incurs large losses even if the company chooses not to pay the ransom.”
- Keep your devices protected with the best antivirus software
Via BleepingComputer (opens in new tab)