Honda was forced to halt production at one of its Japanese plants on 19th June after it became the latest victim of the WannaCry cyber attack that brought parts of the NHS to a standstill last month. At the Sayama plant, northwest of Tokyo, hackers exploited weaknesses in Microsoft’s Windows 10 operating system; they locked files and demanded payment to secure data. Honda has said that the plant used older computers which were not secure enough.
The plant makes about 1,000 vehicles a day including the Honda Accord and Odyssey Minivan, and production has since restarted.
Rival carmakers Nissan and Renault were affected by the virus last month. It stopped production at Nissan’s Sunderland plant and also at plants in Japan, France, Romania and India. Other companies hit included FedEx and Telefonica.
Many public and private sector organisations still use Windows 10 and the ransomware locked up about 200,000 PCs in 150 countries. While the spread of the virus has slowed since last month, experts fear new versions could strike.
The UK’s National Cyber Security Centre, which works closely with GCHQ, is thought to have linked the ransomware attack to North Korea, through a hacking team known as the Lazarus Group.
In South Korea, the owner of the Nayana internet hosting company said that he had to sell his company so that he could pay a $1m ransom.
Speaking to The Times, Hwang Chil-hong said: “We know it is illegal [to pay a ransom] but we had no other choice. Otherwise, hundreds of thousands of people will face damage. I think this is my best choice.”
Following this news, Robert Capps, Vice President of business development at NuData Security said: “We are seeing an increasing number of hackers are using ransomware to extort organisations for money. These attacks can be very destructive to the target and highly lucrative for the attacker. These criminals are responsible for a growing percentage of financial fraud, malware, and other cyber threats.
"They either make money directly from the attack, from the sale of the data, or from money laundering after successful attacks. They will continually find new ways to penetrate consumer accounts and corporate networks, and evade detection by tools deployed to counter such threats.
"Organisations that hold critical and personal information about their users or stakeholders have a choice. Rather than just protecting transactional data, accept the full ramifications of data protection and system security by designing their systems to protect their users and ALL account data first.”