The Japanese manufacturing giant revealed that it had been hit with ransomware on Monday June 8, 2020, forcing it to shut down a number of manufacturing facilities and disrupting its global operations. Honda was left with no choice but to halt operations in Japan, North America, the U.K., Turkey and Italy. Furthermore, the ransomware attack caused disruptions to the company’s customer service and financial services.


Although Honda has not officially announced the culprit of last month’s attack, rumor has it that the malware behind the shut down is Snake ransomware, also known as Ekans. A Snake sample uploaded to Virustotal supports these rumors, referencing an internal Honda domain – mds[.]honda[.]com. This may prove that the ransomware, which is programmed to target ICS/SCADA environments, was modified to target Honda specifically in this campaign.

Snake ransomware was first identified in December 2019, and since then, experts in the ICS/SCADA security field have been calling on industrial companies to ramp up their security. Although the basis of its ransomware functionality is quite simple, Snake boasts ICS-specific features, such as a process termination functionality that can harm production lines and systems. Its focus on ICS, and vast process kill list, makes it a formidable new type of threat on the industrial cyber landscape.


So, What Can We Learn From Honda’s Ransomware Attack?
ICS Attacks Are No Longer Nation-State Exclusive
Highly-targeted ICS ransomware attacks like this one used to be the art of nation-state actors alone, but this attack provides a glimpse into a future where many cyber criminals will be able to execute high-profile industrial attacks and halt production lines.


Segmentation, Segmentation, Segmentation
In Honda’s case, one breached network entry point led to a global operations shutdown. Networks should be isolated and segmented, ensuring one compromised network segment does not affect others.


Use Diverse, High-Quality Threat Intelligence Proactively
Many ransomware attacks happen through known, analyzed attack vectors and infrastructures. High-quality threat intelligence solutions should be implemented defensively, in all enterprise and industrial networks, where communication with attacker infrastructure can be blocked to ensure protection from various threat types.



Interested in learning more about how ThreatSTOP will protect your organization against ransomware attacks? Learn more about how ThreatSTOP reliably and quickly protects your network from cyber threats. Start a 14 day trial below.

Start Your Trial