Skip to main content

Honda targeted in possible ransomware attack

(Image credit: Image Credit: WK1003Mike / Shutterstock )

Honda’s internal networks, both in Japan and in Europe, appear to have been attacked by SNAKE ransomware.

The company told Bleeping Computer its networks are having difficulties, but did not disclose further details about the nature of the outage.

In a short statement to the publication, the company said: “Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause.”

The SNAKE ransomware operators were also reticent about the attack, but did not actively deny their role in the assault.

"At this time we will not share details about the attack in order to allow the target some deniability. This will change as time passes," they said.

However, evidence gathered by security researchers suggests SNAKE ransomware is responsible for the issues facing Honda.

Researcher “Milkream”, spotted a SNAKE (EKANS) sample on VirusTotal that looks for "mds.honda.com". Fellow researcher Vitali Kremez, meanwhile, said the sample tries to resolve the "unspec170108.amerhonda.com" hostname, linking it to the attack.

While the scope of the incident is unknown, we do know it hasn’t affected production or dealer activities. We also know SNAKE traditionally steals data before encrypting it, allowing its operators to use the stolen data as leverage during negotiations.