
Honda Hit by WannaCry

Operations at Japanese Plant Halted Following Ransomware Outbreak
Honda badge. (Photo: Intelligent Car Leasing, via Flickr/CC)

One month after the SMB-targeting WannaCry ransomware worm outbreak first began spreading globally, new infections have surfaced in Japan and beyond.


Honda Motor says it temporarily idled production at a Japanese vehicle plant this week after discovering systems infected with WannaCry, aka WannaCrypt.

On Sunday evening, "Honda discovered that the computer systems in several plants across the world were affected by the ransomware virus Wannacry," a spokesman tells Information Security Media Group.

As a result of the WannaCry outbreak, the automaker shut down production at its Sayama automobile assembly plant, located about 25 miles northwest of Tokyo. The plant produces about 1,000 Honda and Acura vehicles per day, including such models as the Accord and Legend, as well as the Odyssey and Step Wagon minivans.

Honda's Sayama plant in Japan. (Source: Honda)

Honda tells Reuters that despite proactive efforts to protect the automaker's network against the ransomware, following the May outbreak, it suffered fresh WannaCry infections at plants not just in Japan, but also North America, Europe, China and other regions.

The Sayama plant - the only one to be idled as a result of WannaCry - resumed operations Tuesday morning, Honda says. "At this moment, there is no further impact confirmed, but we will continue to monitor the situation and take every step to further strengthen the security of our systems," the spokesman says.

WannaCry Outbreak

The automaker's announcement comes more than five weeks after the WannaCry outbreak began May 12. The ransomware quickly spread worldwide, affecting organizations ranging from telecommunications giants such as Telefónica and healthcare providers, including Britain's National Health Service, to police departments, delivery services and government agencies.

The EU's law enforcement intelligence agency, Europol, said last month that more than 200,000 endpoints in at least 150 countries were infected by WannaCry.

WannaCry was designed to gain purchase on systems by targeting a flaw in Windows Server Message Block (SMB) functionality that Microsoft patched in March for supported operating systems, and on May 12 for several outdated ones. Infected systems were then crypto-locked, and victims were told to pay a ransom if they wanted to recover their data (see Teardown: WannaCry Ransomware).

Other Automakers Affected

Honda isn't the only automaker to have been hit by the ransomware. Immediately after the WannaCry outbreak began, the Renault-Nissan Alliance - composed of France's Renault and Japan's Nissan - announced that it had had to temporarily halt production at some European plants.

By May 15, Renault reported that production had resumed at most of its factories in France, Romania and Slovenia. Nissan, meanwhile, claimed that there had been "no major impact on our business," although its plant in Sunderland, England, had remained idled for several days following the ransomware outbreak.

Will WannaCry Strike Again?

The MalwareTech sinkhole was detecting about 2,000 active WannaCry infections on June 21.

Despite the rapid spread of the malware, its May outbreak was blunted thanks to the efforts of a security researcher who uses the moniker "MalwareTech." British tabloid newspapers quickly named the researcher as Marcus Hutchins, who's been celebrated for registering a nonsensical domain name he found in the ransomware, which had the unexpected but welcome effect, from that point onwards, of preventing most infections involving the ransomware from crypto-locking systems. In other words, Hutchins accidentally stumbled on the equivalent of a kill switch.

Despite those efforts, whoever developed the ransomware could easily retool it to eliminate the kill-switch flaw as well as some other amateur mistakes in the code. To date, however, whoever created WannaCry - British and U.S. intelligence services have been pointing the finger at North Korea - does not appear to have tried to launch an updated version.

About the Author

Mathew J. Schwartz


Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
