
TOKYO -- Honda Motor was likely specifically targeted by the malware that brought several plants to a halt this month as sophisticated cyberattacks further highlight the need for organizations to protect themselves.
The company's network came under a file-encrypting ransomware attack June 8, disrupting production at nine factories in the U.S. and elsewhere. Essential systems, as well as internal email, were rendered unusable.
The ransomware suspected of hitting Honda mentioned an in-house domain -- or internet address -- according to Takashi Yoshikawa of Mitsui Bussan Secure Directions, a unit of trading house Mitsui & Co.
"The malware was made to encrypt files and demand a ransom only in Honda's internal environment," Yoshikawa said after analyzing the software, suspected to be Snake.
The attack impacted servers to facilitate encrypting data on a wide range of terminals. Specific conditions were set so that the ransom note would be displayed only to IT managers. The note found in the analysis said files could be restored only through buying a tool for an unnamed price.
Honda declined to comment on the attack. But a sample of what may have been the malware was anonymously uploaded to VirusTotal, a malware-scanning website used by cybersecurity experts.
In 2017, the Japanese automaker's Sayama factory in a Tokyo suburb went offline after an attack by the WannaCry ransomware. While that malware indiscriminately impacted organizations around the world, the latest attack likely had set its sights on the carmaker.
"Attacks tailored to target entities, complete with advance scouting, are on the rise," Yoshikawa said.
The Snake malware suspected to have been used on Honda also attacked Germany-based hospital operator Fresenius this May, impacting its hospitals as well as medical device manufacturing and sales. Patient data was compromised as well.