Honda confirmed in a brief statement on Tuesday that the ransomware attack targeted production stalls at its multinational factories outside its Japanese headquarters.
At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible. We apologize for the inconvenience and thank you for your patience and understanding.
— Honda Automobile Customer Service (@HondaCustSvc) June 8, 2020
The Japanese car-maker said in a statement: “Honda can confirm that a cyber-attack has taken place on the Honda network. There is also an impact on production systems outside of Japan. Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development activities.”
The details of the attacks that are currently flowing are not revealed, but earlier reports indicate that Snake ransomware may be the culprit. Like other file encryption malware, Snake encrypts files and documents and extorts cryptocurrency ransoms.
A sample of the file-encrypting malware was uploaded to VirusTotal, a malware analysis service, referencing an internal Honda subdomain, mds.honda.com .The ransomware will only encrypt files on systems capable of resolving this domain but, as the domain does not exist on the clear net, most systems would not be able to resolve it. mds.honda.com may well exist on the internal nameserver used by Honda’s intranet, so this is a fairly solid indicator that Honda was indeed hit by Snake.