Honda suffers suspected ransomware attack
So-called "Ekans" ransomware is said to be behind office closures and a halt in manufacturing at some factories


Japanese car giant Honda has been hit by a ransomware attack that has forced it to put manufacturing on hold at some locations.
The ransomware attack was first discovered on Sunday, with Honda putting production on hold in certain locations the following day to deal with a "disruption" in its computer network, according to NBC News.
The most popular ransomware strains targeting UK businesses How to beat ransomware What are the different types of ransomware?
Reports claim Honda employees in the US were also turned away from their offices on Monday morning as IT equipment and phones were still offline.
Cyber security researchers claim to have found evidence that hackers have created a custom variant of the "Ekans", or "Snake", ransomware to encrypt an internal Honda network and demand ransom in exchange for a decryption key.
The so-called "Ekans" ransomware is a type of malware that has been designed to target industrial control systems and to evade anti-malware tools. It was recently used to target Germany-based Fresenius Group, Europe's largest private hospital operator, forcing it to postpone surgical procedures.
Honda has yet to confirm the ransomware attack but did state that it has suffered a security incident that has impacted its operations in Europe.
"This is currently under investigation, to understand the cause," a Honda spokesperson said.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"At this point, there is no effect on either Japanese production or dealer activities, and no customer impact. In Europe, we are investigating to understand the nature of any impact. We can confirm some impact in Europe and are currently investigating the exact nature.
This is not the first time Honda has been targeted by cyber criminals. One of the company's plants at Sayama, Japan, had to temporarily stop production in 2017 after its network was hit by WannaCry ransomware.
RELATED RESOURCE
How enterprises are embracing cyber security challenges
Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation
In 2019, the carmaker had to deal with another cyber security incident after a researcher discovered a misconfigured ElasticSearch database leaking 134 million corporate documents that exposed sensitive information about the Honda's internal systems and device data.
Carly Page is a freelance technology journalist, editor and copywriter specialising in cyber security, B2B, and consumer technology. She has more than a decade of experience in the industry and has written for a range of publications including Forbes, IT Pro, the Metro, TechRadar, TechCrunch, TES, and WIRED, as well as offering copywriting and consultancy services.
Prior to entering the weird and wonderful world of freelance journalism, Carly served as editor of tech tabloid The INQUIRER from 2012 and 2019. She is also a graduate of the University of Lincoln, where she earned a degree in journalism.
You can check out Carly's ramblings (and her dog) on Twitter, or email her at hello@carlypagewrites.co.uk.
-
Cloudflare is cracking down on AI web scrapers
News Cloudflare CEO Matthew Prince said AI companies have been "scraping content without limits" - now the company is cracking down.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Swiss government data published following supply chain attack – here’s what we know about the culprits
News Radix, a non-profit organization in the health promotion sector, supplies a number of federal offices, whose data has apparently been accessed.
-
Ransomware victims are getting better at haggling with hackers
News While nearly half of companies paid a ransom to get their data back last year, victims are taking an increasingly hard line with hackers to strike fair deals.
-
LockBit data dump reveals a treasure trove of intel on the notorious hacker group
News An analysis of May's SQL database dump shows how much LockBit was really making
-
‘I take pleasure in thinking I can rid society of at least some of them’: A cyber vigilante is dumping information on notorious ransomware criminals – and security experts say police will be keeping close tabs
News An anonymous whistleblower has released large amounts of data allegedly linked to the ransomware gangs
-
It's been a bad week for ransomware operators
News A host of ransomware strains have been neutralized, servers seized, and key players indicted
-
Everything we know about the Peter Green Chilled cyber attack
News A ransomware attack on the chilled food distributor highlights the supply chain risks within the retail sector
-
Scattered Spider: Who are the alleged hackers behind the M&S cyber attack?
News The Scattered Spider group has been highly active in recent years
-
Ransomware attacks are rising — but quiet payouts could mean there's more than actually reported
News Ransomware attacks continue to climb, but they may be even higher than official figures show as companies choose to quietly pay to make such incidents go away.