After the health crisis, Honda finds itself the victim of a cyber attack that targeted its internal servers. Even if it seems that the personal data of customers and employees have not been compromised, it remains surprising or even worrying that this attack could have taken place at a time when vehicles are increasingly connected to the Internet . A total of 11 factories were allegedly affected by this attack, including 5 in the United States. Employees of US factories were sent home for Monday.
Many factories are now connected again, but the attack ended the transmission of emails and reached the vehicle control system. However, some factories such as those located in Turkey, Ohio, Brazil or India are still offline. The Japanese giant is nevertheless reassuring about the consequences of this incident.
"Honda has experienced a cyber attack that has affected production operations in some US factories. However, there is currently no evidence of loss of personally identifiable information. We have resumed production in most factories and are currently working to return production to our auto and engine factories in Ohio A Honda spokesperson told Engadget.
Ransomware behind this attack
The virus behind this attack is a variant of the ransomware called SNAKE, also known as EKANS. As with all ransomware, the modus operandi of it consists in seizing data and encrypting it, but its specificity is to attack industrial control systems. In exchange for a large sum of money, the victim of this attack can hope to recover all of his data.
In general, specialists agree to advise not to pay the ransom in order not to encourage this type of attack which would then be perceived as profitable for hackers. The flip side of this decision is that, in general, cybercriminals threaten to publish or resell this confidential information on the darknet. Companies must also be able to count on an effective backup system that allows them to easily get their hands on their stolen data without being dependent on the goodwill of hackers for the decryption thereof.
" An investigation is currently underway to understand the cause. At this point, there is no effect on Japanese production or distributor activities, and no impact on customers. In Europe, we are investigating to understand the nature of all the impacts. We can confirm certain impacts in Europe and we are currently studying their exact nature Said a spokesperson for Honda.
No information has been communicated by the group on a possible ransom note and its amount. This is not the first time that Honda has been the victim of this type of attack. Already in 2017, a ransomware called WannaCry had infected the manufacturer's computer network, again forcing it to stop production at one of its factories in Japan.