Snake Bites Honda, Affects Operations

S

The ‘EKANS/SNAKE’ virus, designed to attack industrial control systems network, has hit Honda, causing some of its global operations to come to a standstill. The company confirmed that it was facing technical difficulties in a tweet. Its abilities to access its computer servers, use e-mail and make use of its internal systems were affected.

Brett Callow, a threat analyst at security firm Emsisoft, uploaded a sample of the file-encrypting malware to VirusTotal, a malware analysis service. It referenced an internal Honda subdomain, mds.honda.com. “The ransomware will only encrypt files on systems capable of resolving this domain but, as the domain does not exist on the clear net, most systems would not be able to resolve it. mds.honda.com may well exist on the internal nameserver used by Honda’s intranet, so this is a fairly solid indicator that Honda was indeed hit by Snake,” said Callow.

Security researcher Vitali Kremez said that it also contained a reference to the U.S. IP address 170.108.71.15. This IP address resolves to the ‘unspec170108.amerhonda.com‘ hostname. The reference to the IP address and the internal hostname strongly hints that it was a SNAKE ransomware attack. Honda stated that no breach of information had taken place. Most of the production resumed by Tuesday but its plants at Ohio, Brazil, Turkey, Italy and India are still under suspension.

About the author

Avtro

I bring the hottest news from the vast expanse of the industry to this space. The thoughts and opinions voiced are of my own and do not reflect my employer. I also allow them to evolve ever so often.

1 Comment

By Avtro

Send to my inbox!

Follow Us

DomainMagazine is a leading technology media property, dedicated to obsessively profiling domain name industry and breaking domain news.

Avtro

I bring the hottest news from the vast expanse of the industry to this space. The thoughts and opinions voiced are of my own and do not reflect my employer. I also allow them to evolve ever so often.