Honda’s EKANS Ransomware Attack


(Newswire.net — June 18, 2020) — Cyber attacks have been increasing throughout the years. In 2020, such incidents occur 2,244 times per day, targeting random individuals and big companies around the world. Unfortunately, during the second week of June 2020, the Japanese car company Honda’s internal network was hit by a cyberattack, impacting its servers, internet systems, and emails. This forced Honda to halt work at the UK plant as well as suspend other operations in countries like Japan, Turkey, North America, and Italy. What is this EKANS ransomware that infiltrated the company’s systems? Here’s everything you need to know.

The Slithering Ransomware

We all know that cybercrimes rely on specific tools and this one is no different. Apparently, Honda suffered an attack that fits into a family of file-encrypting ransomware commonly referred to as Snake or Ekans. 

The EKANS ransomware was first observed back in December 2019. It is malware that infects industrial control systems, damaging and disrupting factory operations until a ransom is paid, hence the term Ransomware. 

According to analysts, the malware (Snake) removes computers’ Shadow Volume Copies and kills numerous processes related to SCADA systems. Moreover, EKANS is able to delete Windows backup copies, which are very important to a manufacturer such as Honda, forcing the company to pay the attackers.

Aside from that, EKANS is also able to encrypt the company’s files, leaving a ransom note at the end of the process. Based on what researchers found about the newly developed malware, EKANS’s development traces back to a precursor that goes by the name of MegaCortex.

MegaCortex is a strain of ransomware that appeared in 2019, targeting several businesses. Researchers examined the code and found several mentions of the auto manufacturer’s network name: mds.honda.com. Here’s what the code looks like:

The domain name mentioned above isn’t a website you can visit, so we can presume that it’s some part of Honda’s internal network. Once the malware is executed, it resolves the hardcoded hostname “mds.honda.com”. Finally, the encryption process begins and the ransom note “Fix-Your-Files.txt” appears.

The EKANS ransomware may infect Windows devices through email spam, botnets, exploits, fake updates, and more. Once the target gets the note, they can see the contact email address, which is hosted at CTemplar, a privacy-focused email service similar to ProtonMail.
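The behaviours described above (shadow copy removal, many processes killed, and the “Fix-Your-Files.txt” note) can be correlated per host for detection. The following is an added example, not code from the article or from the researchers it cites; the event layout, the command-line patterns, the 10-minute window, and the kill threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

NOTE_NAME = "fix-your-files.txt"   # ransom note name given in the article
# Assumption: generic shadow-copy deletion commands; the article does not say how EKANS does it.
SHADOW_RE = re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
WINDOW = timedelta(minutes=10)     # assumption: correlation window
KILL_THRESHOLD = 5                 # assumption: "numerous" process kills

def classify(kind, detail):
    """Map one raw event to a behaviour label, or None if it is not of interest."""
    if kind == "process_create" and SHADOW_RE.search(detail):
        return "shadow_copy_delete"
    if kind == "file_create" and detail.replace("\\", "/").rsplit("/", 1)[-1].lower() == NOTE_NAME:
        return "ransom_note"
    if kind == "process_terminate":
        return "process_kill"
    return None

def hunt(events):
    """Return {host: behaviours} for hosts showing at least two behaviours inside WINDOW."""
    per_host = defaultdict(list)
    for host, ts, kind, detail in events:
        label = classify(kind, detail)
        if label:
            per_host[host].append((datetime.fromisoformat(ts), label))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            window = [lbl for t, lbl in hits[i:] if t - start <= WINDOW]
            seen = set(window) - {"process_kill"}
            if window.count("process_kill") >= KILL_THRESHOLD:
                seen.add("mass_process_kill")
            if len(seen) >= 2:   # a single behaviour alone is too noisy to alert on
                alerts[host] = sorted(seen | set(alerts.get(host, [])))
    return alerts

# Constructed sample telemetry: (host, ISO timestamp, event kind, detail).
SAMPLE_EVENTS = [
    ("ws-014", "2020-01-01T02:10:05", "process_create", "vssadmin.exe delete shadows /all /quiet"),
    *[("ws-014", f"2020-01-01T02:10:{10 + i}", "process_terminate", f"svc{i}.exe") for i in range(6)],
    ("ws-014", "2020-01-01T02:14:00", "file_create", r"C:\Users\Public\Desktop\Fix-Your-Files.txt"),
    ("srv-bk1", "2020-01-01T03:00:00", "process_create", "vssadmin delete shadows /for=C: /oldest"),
    ("ws-031", "2020-01-01T01:00:00", "file_create", r"C:\Temp\Fix-Your-Files.txt"),
    ("ws-031", "2020-01-01T04:00:00", "process_create", "wmic shadowcopy delete"),
]

if __name__ == "__main__":
    print(hunt(SAMPLE_EVENTS))
```

Only ws-014 is flagged: the lone backup cleanup on srv-bk1 and the two events three hours apart on ws-031 stay below the correlation rule.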

Honda’s Point of View

This is not the first time Honda has suffered such an attack. Back in 2017, the company’s automobile factory, the Sayama Car Manufacturing plant, was hit by the WannaCry ransomware.

The attack forced Honda to halt production of both Accord and Odyssey Minivans until a time in the near future. So, we can say that this is not the company’s first rodeo. According to the Japanese car manufacturer:

“Honda can confirm that a cyber-attack has taken place on the Honda network,” 

It also stated that the attack had an impact on their production systems outside Japan, at least for the time being. Moreover, Honda said that it’s working on minimizing the impact and restoring full functionality of production. It was clearly stated in a tweet the company shared:

“At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible. We apologize for the inconvenience and thank you for your patience and understanding.”


It’s still not clear what kind of files or personal information was harvested. They have resumed production in most plants and are now working towards resuming production at their auto and engine plants in Ohio.

Final Words

The malware isn’t that big of a threat yet, but malware development has been evolving and it will become one before we know it.

Honda has a lot to deal with and according to the company, it won’t bow down to the cybercriminals who are asking for ransom. Honda might be able to bring back the operations through data backups. 

Protecting private information from cyberthreats has become a necessity today. You can first start by gaining knowledge. Most of our information comes from a website called The VPN Guru. It has a lot of tips and tricks for maintaining online privacy and security.