Operations at Japanese Plant Halted Following Ransomware Outbreak
One month after the SMB-targeting WannaCry ransomware worm outbreak first began spreading globally, new infections have surfaced in Japan and beyond.
See Also: Balancing Fraud Detection & the Consumer Banking Experience
Honda Motor says it temporarily idled production at a Japanese vehicle plant this week after discovering systems infected with WannaCry, aka WannaCrypt.
On Sunday evening, “Honda discovered that the computer systems in several plants across the world were affected by the ransomware virus Wannacry,” a spokesman tells Information Security Media Group.
As a result of the WannaCry outbreak, the automaker shut down production at its Sayama automobile assembly plant, located about 25 miles northwest of Tokyo. The plant produces about 1,000 Honda and Acura vehicles per day, including such models as the Accord and Legend, as well as the Odyssey and Step Wagon minivans.
Honda tells Reuters that despite proactive efforts to protect the automaker’s network against the ransomware, following the May outbreak, it suffered fresh WannaCry infections at plants not just in Japan, but also North America, Europe, China and other regions.
The Sayama plant – the only one to be idled as a result of WannaCry – resumed operations Tuesday morning, Honda says. “At this moment, there is no further impact confirmed, but we will continue to monitor the situation and take every step to further strengthen the security of our systems,” the spokesman says.
The automaker’s announcement comes more than five weeks after the WannaCry outbreak began May 12. The ransomware quickly spread worldwide, affecting organizations ranging from telecommunications giants such as Telefónica and healthcare providers, including Britain’s National Health Service, to police departments, delivery services and government agencies.
The EU’s law enforcement intelligence agency, Europol, said last month that more than 200,000 endpoints in at least 150 countries were infected by WannaCry.
WannaCry was designed to gain purchase on systems by targeting a flaw in Windows server message block – SMB – functionality that Microsoft patched in March for supported operating systems, and on May 12 for several outdated ones. Infected systems were then crypto-locked, and victims told to pay a ransom if they wanted to recover their data (see Teardown: WannaCry Ransomware).
Other Automakers Affected
Honda isn’t the only automaker to have been hit by the ransomware. Immediately after the WannaCry outbreak began, the Renault-Nissan Alliance – comprised of France’s Renault and Japan’s Nissan – announced that they’d had to temporarily halt production at some European plants.
By May 15, Renault reported that production had resumed at most of its factories in France, Romania and Slovenia. Nissan, meanwhile, claimed that there had been “no major impact on our business,” although its plant in Sunderland, England, had remained idled for several days following the ransomware outbreak.
Will WannaCry Strike Again?
Despite the rapid spread of the malware, its May outbreak was blunted thanks to the efforts of a security researcher who uses the moniker “MalwareTech.” British tabloid newspapers quickly named the researcher as Marcus Hutchins, who’s been celebrated for registering a nonsensical domain name he found in the ransomware, which had the unexpected but welcome effect, from that point onwards, of preventing most infections involving the ransomware from crypto-locking systems. In other words, Hutchins accidentally stumbled on the equivalent of a kill switch.
Despite those efforts, however, whoever developed the ransomware could easily retool it to eliminate the kill-switch flaw as well as some other amateur mistakes in the code. To date, however, whoever created WannaCry – British and U.S. intelligence services have been pointing the finger at North Korea – does not appear to have tried to launch an updated version.