Honda global operations halted by ransomware attack

Honda has confirmed a cyberattack that brought parts of its global operations to a standstill.

The company said in a brief statement Tuesday that the attack caused production issues outside of its headquarters in Japan. "Work is being undertaken to minimize the impact and to restore full functionality of production, sales, and development activities," according to the BBC.

It follows a tweet from the company, now pinned to the top of its Twitter feed, stating that its customer service and financial services are "unavailable" due to the attack.

Honda is one of the largest vehicle manufacturers in the world, employing more than 200,000 staff, with factories in the U.K., North America, and Europe.

Details of the attack are slim but an earlier report suggests that the Snake ransomware is the likely culprit. Snake, like other file-encrypting malware, scrambles files and documents and holds them hostage for a ransom, expected to be paid in cryptocurrency. But Honda said there was no evidence to suggest that data had been exfiltrated, a common tactic used by newer forms of ransomware.

The company said that affected factories and plants are expected to be brought back online as early as today.

Brett Callow, a threat analyst at security firm Emsisoft, said a sample of the file-encrypting malware was uploaded to VirusTotal, a malware analysis service, referencing an internal Honda subdomain, mds.honda.com.

"The ransomware will only encrypt files on systems capable of resolving this domain but, as the domain does not exist on the clear net, most systems would not be able to resolve it. mds.honda.com may well exist on the internal nameserver used by Honda's intranet, so this is a fairly solid indicator that Honda was indeed hit by Snake," said Callow.

Honda finds itself in similar company to IT giant Cognizant, cyber insurer Chubb, and defense contractor CPI, all of which were hit by ransomware this year.