Honda Shuts Down Factories After Cyberattack

Photo credit: STR - Getty Images
Photo credit: STR - Getty Images

From Popular Mechanics

  • On June 9, Honda was hit with a cyberattack that put some manufacturing systems offline.

  • No customer data was subject to the breach, the automaker tells Popular Mechanics.

  • Security researchers believe this was a ransomware attack, wherein adversaries request digital payment to restore access to a network.

Honda manufacturing plants in Ohio and Turkey went offline on Tuesday, June 9 after a cyberattack compromised some of the Japanese automaker's facilities. While cybersecurity researchers say a ransomware attack is most likely to blame, it's unclear whether the attack targeted information technology systems or industrial control systems themselves.

"Honda has experienced a cyberattack that has affected production operations at some U.S. plants," Chris Abbruzzese, a spokesman for Honda North America, tells Popular Mechanics. "However, there is no current evidence of loss of personally identifiable information. We have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio."

Based on samples posted online, cybersecurity researchers at MalwareBytes believe the attack fits into a family of file-encrypting ransomware variously referred to as Snake or Ekans. (No, not the Pokémon).

"On June 8, a researcher shared samples of ransomware that supposedly was aimed at Honda and ENEL INT. When we started looking at the code, we found several [artifacts] that corroborate this possibility," MalwareBytes notes in a June 9 blog post.

When the researchers examined the code, they found mentions of a network name related to the auto manufacturer: This is not a domain name you can visit online, so it's presumably part of an internal network at Honda. "When the malware executes, it will try to resolve to a hardcoded hostname ( If, and only if it does, will the file encryption begin," the researchers say.

Photo credit: Screenshot/MalwareBytes
Photo credit: Screenshot/MalwareBytes

If the attack was, in fact, the result of Ekans ransomware, Honda is one of the first companies to fall victim to it—that we know of, at least. And that could mean trouble down the line for all companies with industrial operations, from your local natural gas provider to aerospace manufacturing firms.

Back in February, Dragos—a Hanover, Maryland-based cybersecurity firm—first discovered this new type of ransomware, which targets industrial control systems. That means it attacks things like power grids, oil refineries, sewage treatment plants, and of course, factories that produce cars.

Ekans has only been around since about December 2019, Dragos says, but it points to a brazen leap from IT systems to industrial control systems. That makes the possible fallout from such cyberattacks physical in nature, and potentially dangerous.

As for Honda, this isn't the automaker's first tango with cybercriminals. Back in 2017, WannaCry ransomware struck Honda's computer network, forcing the company to halt production at a production plant northwest of Tokyo.

Honda hasn't given Popular Mechanics many specifics, as an internal investigation is most likely underway at the moment. But if this is any indication of what to expect from Ekans moving forward, managers at industrial operations facilities should run diagnostics to see if they're protected.

And if you're a Honda customer, don't freak out ... yet. If your personally identifiable information does make it into the wild, Honda is obligated to notify you in a timely manner, per data breach notification laws in your state. But because those rules are actually a patchwork of state-level legislation, you should refer to this list for specifics where you live.

You Might Also Like