Honda forced to halt car production after being infected by WannaCry ransomware

Japanese car manufacturer Honda was forced to stop production at one vehicle plant for roughly 24 hours this week after discovering WannaCry, a highly-infectious strain of ransomware which caused a global cybercrime incident last month, was on its computer networks.

It shuttered activity at its Tokyo-based facility on Monday (19 June), the company confirmed this week (21 June). The production plant makes the Accord sedan, Odyssey Minivan and Step Wagon compact models, with a daily output of 1,000 vehicles, Reuters reported.

Honda Motor Company found the ransomware on its systems on Sunday (18 June) had impacted some networks in Japan, North America, Europe and China.

A spokesperson said production at other plants was not impacted, and full operations in Tokyo resumed within 24 hours. The firm did not elaborate on how the malware was cleansed in such a short period of time.

It was 12 May when the ransomware first emerged, later spreading to hundreds of thousands of machines in 150 countries, according to statistics from Europol .

At the time a number car manufacturers – including Renault and Nissan – were hit. Other victims included Telefónica and the UK National Health Service (NHS).

The ransomware, which locked down sensitive files and demanded cryptocurrency (Bitcoin) for their return, targeted unpatched devices running the Windows operating system. Microsoft, which maintains the software, was forced to release an urgent bug fixes.

"As with most malware, even after the initial impact of a public or global strike, it's still working its way around the internet looking for victims," commented Mark James, a security specialist with ESET, a Slovakia-headquartered cybersecurity and anti-virus firm.

Cybersecurity firms and the world's most prominent intelligence agencies found evidence within the malware code the outbreak may have been linked to hackers aligned with North Korea, specifically known as the Lazarus Group. Full attribution, as usual, remains murky.

The vast spread of infections were blamed on the leak of two US National Security Agency (NSA) hacking tools, released in April 2017 by a mysterious group dubbed 'The Shadow Brokers'. As dust settled on the attacks, the unit promised more cyberweapons would soon be published.

"When malware uses exploits in common or older versions of Windows many large manufacturers that use bespoke or embedded systems with software that may not be easily or quickly replaced could be teetering on the edge of disaster trying to protect themselves," James continued.

"It only takes one slip, one email or one web page, from all the hundreds or thousands of employees connected to a network of computers," he added.

"Of course keeping your systems up to date with the latest updates and patches [...] will help to keep you safe, but educating your staff on the dangers of using the very tools we need them to use for their daily workloads is just as important."