Honda is putting some of its manufacturing on hold while it deals with a “disruption in its computer network,” the company said Monday, prompting fears that it has been infected with ransomware.
The company has canceled “some production today” and is “currently assessing the situation,” spokesperson Chris Abbruzzese said in a statement Monday. He declined to elaborate whether Honda had been the victim of a cyberattack. Honda first noticed an issue Sunday, the company said in an earlier statement.
Some cybersecurity researchers believe the company was at least targeted by cybercriminals after they found evidence Monday of ransomware that had been customized to lock an internal Honda network until the victim paid for an encryption key. That code is designed to keep ransomware from spreading destructively from network to network, like the infamous NotPetya and WannaCry ransomware strains of 2017.
That ransomware belongs to a family referred to as Snake, which was used this year to infect the European medical giant Fresenius.
That Honda noticed the issue on Sunday is a further indication of ransomware, said Allan Liska, who tracks ransomware at the cybersecurity firm Recorded Future.
“Keep in mind most ransomware actors that hand launch their ransomware (instead of automating the whole process) like to do so on weekends because they know there are usually fewer security people around,” Liska said.
Governments and major corporations have struggled to deal with the rise of “big game hunting” ransomware, where hacker gangs meticulously implant that malicious software on a corporate target that might be susceptible to significant extortion. Even when law enforcement agencies like the FBI are aware of suspects’ identity, they often can’t arrest them if they’re stationed in a country that doesn’t extradite and doesn’t always arrest their own cybercriminals, like Russia.