Honda

Computer networks at car manufacturing giant Honda in Europe and Japan have been affected by issues reportedly related to a cyber-attack known as SNAKE ransomware.

Details are still unclear, but the company is investigating the cause of the problems detected on Monday.

SNAKE ransomware most likely the culprit

The organization has stated that its IT network is not working properly and that an investigation is underway, but declined to provide much detail about the nature of the problem.

“Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause”

From what is known at this point, the issues did not affect Japanese manufacturing or dealer activities. Additionally, the spokesperson for the company said there was no impact on Honda customers.

“In Europe, we are investigating to understand the nature of any impact” – Honda

Although the Japanese car maker is tight-lipped about the incident, a security researcher named Milkream found a sample of the SNAKE (EKANS) ransomware, submitted to VirusTotal today, that checks for the internal Honda network name “mds.honda.com”.

This IP address resolves to the ‘unspec170108.amerhonda.com’ hostname.

The reference to this IP address and the internal hostname check are very strong indicators that today’s network outages are being caused by a SNAKE ransomware attack.

Snake ransom note dropped by the sample found (credit: milkream)

It’s unclear how many systems are affected, but Snake is known to steal data before deploying its encryption routine.

If this proves to be an intrusion by an unauthorized party, it would be a significantly different security incident from what the company had to deal with last year, when misconfigured databases exposed sensitive information on the public internet.

Security researcher Justin Paine discovered an unsecured ElasticSearch database at the end of July 2019 containing information on around 300,000 Honda workers worldwide, including the CEO.

In addition to personally identifiable information, the instance of the database included details of machines on the network, such as the operating system version, hostnames and patch status.

The database was used for telematics systems and came from a data logging and tracking server. It included full names, email addresses, telephone numbers, postal addresses, vehicle make and model, as well as the vehicle’s VIN.

The company reported that the misconfigured database exposed about 26,000 unique consumer-related records.