Honda Shut Down Plant Impacted by WannaCry

Honda, one of the largest automobile manufacturers in the world, announced Wednesday that it was forced to shut down production at one of its Japanese plants after it was hit by the WannaCry ransomware.

The manufacturer said it powered down a plant on Monday in Sayama, a city in the Saitama prefecture, roughly an hour northwest of Tokyo.

According to Honda’s website, the plant is responsible for every step of the car manufacturing process; models such as the Odyssey minivan and the Accord sedan are assembled on premises. The Sayama plant is one of 30 Honda operates worldwide, including four in the U.S.

A spokeswoman told Reuters – which broke the news on Wednesday – that the move was made after the company discovered the ransomware had made its way through the company’s networks in Japan, North America, Europe, China, and other regions.

The spokeswoman said the company made efforts to secure its systems in mid-May, when the scope of WannaCry, and of the NSA EternalBlue exploit it took advantage of, became known. It appears those efforts were not enough to prevent this weekend’s attack.

It didn’t take long for Honda to resolve the disruption. The car manufacturer told Reuters that production at other plants operated by the automaker wasn’t affected and that operations at the Sayama plant went back to normal on Tuesday.

With the news, Honda joins carmakers Renault SA, based in France, and Nissan, based in Japan but owned by Renault, which have had factories infected by WannaCry.

It’s unclear how exactly Honda mitigated WannaCry at the Japanese plant, or on its other networks. Many companies hit by WannaCry over the last month have either had a backup strategy in place, or rolled out patches for affected software gradually. Some have even paid the ransom.

The company did not immediately return a request for comment on Wednesday.

When reached Wednesday, a spokesman for Honda confirmed the shutdown and said the company was working on reinforcing its “virus protection regimen” as a result of the attack:

On June 19, 2017, Honda’s Sayama Auto Plant experienced a short interruption in normal production caused by the shutdown of several older production line computers infected with the “Wannacry” virus. A total of approximately 1,000 units were not produced as planned as a result of this interruption. Production has resumed and Honda has taken steps to reinforce its virus protection regimen to avoid any similar occurrences in the future.

The news comes a few days after a company based in South Korea made headlines by announcing it had paid a whopping $1 million to recover data encrypted by ransomware. While it wasn’t WannaCry, Nayana, a South Korean web hosting company, announced in a blog post last week it had paid attackers after it was impacted by the Erebus ransomware.

The most recent iteration of the Erebus ransomware surfaced in February and used a UAC bypass. While that ransomware had a fairly low ransom payment, $90, it appears the version that hit Nayana was designed to target Linux web servers and asked much more from the company.

Nayana said it was originally asked to pay 5 billion Won – South Korea’s official currency – roughly $4.3 million USD to get its data back. 153 of its Linux servers and 3,400 customer websites were encrypted by the ransomware. The company was able to negotiate with hackers and get the payment bumped down to 397 bitcoin, or $1 million, according to the blog.

This article was updated at 2:55 p.m. EST to include a statement from Honda.

This article was updated at 4:30 p.m. EST to correct the ransom amount Nayana was originally asked for by attackers.

Discussion

  • James on

    I think the $1.62 billion demand is a misprint. It's been reported elsewhere (e.g., Ars) that the demand was for 1.6 billion Won (SK currency), which is about $4.4 million.
    • James on

      Make that originally 5 billion Won, or $4.4 million.
      • Chris Brook on

        Thanks for the heads up James. I think you're right. 5 billion Won is roughly $4,373,100. Correcting.