Last Monday was a day which will live in infamy for the automobile manufacturer Honda as the renowned Japanese company was forced to power down one of its domestic plants after the WannaCry ransomware found a way into the company’s network.
The plant in question, located in Sayama an hour northwest of Tokyo, had an estimated daily output of 1,000 vehicles including the Accord sedan, Odyssey Minivan and Step Wagon and was powered down on Monday following the realization that WannaCry ransomware had lurked through the company’s network in Japan, North America, Europe, China, and other regions. However, by the time Reuters reported the incident on Wednesday, regular operations in Sayama were resumed and none of Honda’s other 30 plants worldwide was impacted.
The spokeswoman who broke the news to Reuters affirmed that Honda made efforts to secure its network and systems in May especially after a hacker group known as The Shadow Brokers leaked EternalBlue, an NSA-developed tool exploiting a now-patched vulnerability in Microsoft Windows’ SMB protocol. This vulnerability was exploited as a method to rapidly spread WannaCry across the world.
Another similar incident involves Nayana, a web hosting company based in South Korea. Although it was not WannaCry, Nayana was hit by Erebus ransomware and due to pressure of lawsuits from clients and threats to double the ransom from hackers, Hwang Chilghong, Nayana’s CEO, announced in a blog post that they’re negotiating with the hackers and will pay the ransom.
According to Kaspersky Lab, Nayana was originally requested to pay 5 billion Won – South Korea’s official currency – roughly $4.3 million USD to retrieve their data. However, lawyers were able to negotiate the payment down to 397 bitcoin, or $1 million. It is believed that 153 of Nayana’s Linux servers and 3,400 customer websites were encrypted by the ransomware. No news until the writing of this post as to whether they had the data back or not.
The latest variant of Erebus ransomware appeared in February, used User Account Control bypass and requested a relatively small ransom payment of 90$.
Wannacry and other ransomware are taking the world by storm as major companies worldwide are being hit; along with Honda and Nayana, automakers Renault SA and Nissan Motor Co were also targeted by WannaCry ransomware, as well as the German mobile network provider O2, the Britain’s National Health Service (NHS), FedEx Corporations and the list goes on ..
According to Kaspersky, companies hit by WannaCry over the last month have either had a backup strategy or deployed patches. Honda hasn’t yet made it clear how they neutralized the WannaCry attack and with any luck, they will not need to do it again.