Honda suffers suspected ransomware attack
So-called "Ekans" ransomware is said to be behind office closures and a halt in manufacturing at some factories


Japanese car giant Honda has been hit by a ransomware attack that has forced it to put manufacturing on hold at some locations.
The ransomware attack was first discovered on Sunday, with Honda putting production on hold in certain locations the following day to deal with a "disruption" in its computer network, according to NBC News.
The most popular ransomware strains targeting UK businesses How to beat ransomware What are the different types of ransomware?
Reports claim Honda employees in the US were also turned away from their offices on Monday morning as IT equipment and phones were still offline.
Cyber security researchers claim to have found evidence that hackers have created a custom variant of the "Ekans", or "Snake", ransomware to encrypt an internal Honda network and demand ransom in exchange for a decryption key.
The so-called "Ekans" ransomware is a type of malware that has been designed to target industrial control systems and to evade anti-malware tools. It was recently used to target Germany-based Fresenius Group, Europe's largest private hospital operator, forcing it to postpone surgical procedures.
Honda has yet to confirm the ransomware attack but did state that it has suffered a security incident that has impacted its operations in Europe.
"This is currently under investigation, to understand the cause," a Honda spokesperson said.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"At this point, there is no effect on either Japanese production or dealer activities, and no customer impact. In Europe, we are investigating to understand the nature of any impact. We can confirm some impact in Europe and are currently investigating the exact nature.
This is not the first time Honda has been targeted by cyber criminals. One of the company's plants at Sayama, Japan, had to temporarily stop production in 2017 after its network was hit by WannaCry ransomware.
RELATED RESOURCE
How enterprises are embracing cyber security challenges
Enterprises across Europe, the Middle East and Africa are undergoing a significant transformation
In 2019, the carmaker had to deal with another cyber security incident after a researcher discovered a misconfigured ElasticSearch database leaking 134 million corporate documents that exposed sensitive information about the Honda's internal systems and device data.
Carly Page is a freelance technology journalist, editor and copywriter specialising in cyber security, B2B, and consumer technology. She has more than a decade of experience in the industry and has written for a range of publications including Forbes, IT Pro, the Metro, TechRadar, TechCrunch, TES, and WIRED, as well as offering copywriting and consultancy services.
Prior to entering the weird and wonderful world of freelance journalism, Carly served as editor of tech tabloid The INQUIRER from 2012 and 2019. She is also a graduate of the University of Lincoln, where she earned a degree in journalism.
You can check out Carly's ramblings (and her dog) on Twitter, or email her at hello@carlypagewrites.co.uk.
-
UK to host largest European GPU cluster under £11 billion Nvidia investment plans
News Nvidia says the UK will host Europe’s largest GPU cluster, totaling 120,000 Blackwell GPUs by the end of 2026, in a major boost for the country’s sovereign compute capacity.
-
Jensen Huang says AI will make us busier – so what’s the point?
Opinion So much for efficiency gains and focusing on the more “rewarding” aspects of your job
-
Prolific ransomware operator added to Europe’s Most Wanted list as US dangles $10 million reward
News The US Department of Justice is offering a reward of up to $10 million for information leading to the arrest of Volodymyr Viktorovych Tymoshchuk, an alleged ransomware criminal.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attack
News The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalities
News The attack on IT systems supplier Miljödata has impacted public sector services across the country
-
A notorious hacker group is ramping up cloud-based ransomware attacks
News The Storm-0501 threat group is refining its tactics, according to Microsoft, shifting away from traditional endpoint-based attacks and toward cloud-based ransomware.
-
Security researchers have just identified what could be the first ‘AI-powered’ ransomware strain – and it uses OpenAI’s gpt-oss-20b model
News Using OpenAI's gpt-oss:20b model, ‘PromptLock’ generates malicious Lua scripts via the Ollama API.
-
Data I/O shuts down systems in wake of ransomware attack
News Regulatory filings by Data I/O suggest the costs of dealing with the attack could be significant
-
Average ransom payment doubles in a single quarter
News Targeted social engineering and data exfiltration have become the biggest tactics as three major ransomware groups dominate
-
BlackSuit ransomware gang taken down in latest law enforcement sting – but members have already formed a new group
News The notorious gang has seen its servers taken down and bitcoin seized, but may have morphed into a new group called Chaos