Metaphorically speaking, many cybersecurity experts believe that “there is a Snake under Honda’s hood”. Yes, you read that right! Operations of the Japanese automobile giant, Honda, were reportedly disrupted in parts of Europe, Japan, and the U.S. due to Snake ransomware (also known as EKANS).
A report from NBC News stated that the ransomware attack was first discovered in the late hours of Sunday night. Owing to the security crisis, operations at certain Honda production units in Europe were put on hold.
Honda Confirms Disruption
Honda’s spokesperson confirmed the security incident but did not specify the type of cyberattack or the motive behind it. He said, “On Sunday, June 7, Honda experienced a disruption in its computer network that has caused a loss of connectivity. We have canceled some production today (Monday, June 8) and are currently assessing the situation. At this point, there is no effect on either Japanese production or dealer activities, and no customer impact. In Europe, we are investigating to understand the nature of any impact. We can confirm some impact in Europe and are currently investigating the exact nature.”
However, the cybersecurity company VirusTotal claimed that it had evidence clearly indicating that Honda’s internal server had been encrypted with Snake ransomware and that the cybercriminals had demanded a ransom in exchange for the encryption key. At this point, it is unclear exactly how many systems were affected, but Snake ransomware operators are known to copy critical data before encrypting it, to use as leverage in negotiations with the victim.
Earlier this year, a threat intelligence report from security firm Dragos uncovered the Snake ransomware targeting industrial control systems (ICS). Researchers said Snake was the first-of-its-kind file-encrypting malware customized to infect the network systems that control operations in manufacturing environments.
While investigating, researchers found a list of processes linked to ICS operations. The list was used to disrupt the ICS processes on victims’ devices, allowing cybercriminals to deploy the ransomware, compromise the targeted devices, and demand a ransom from the victims.