
Is there a SNAKE under the hood of Honda: EKANS Malware is a targeted Industrial Control Systems (ICS) Ransomware

Cyber Secure India
Honda Motors under Cyber Attack.

In a delayed communication on 09 June 2020, the headquarters of the Japanese automobile giant Honda Motor Company passed instructions to halt activities at Honda Cars India Limited (HCIL) due to a suspected cyber attack on its IT infrastructure. The attack is reported to have been caused by a malware named Ekans (the reverse of SNAKE), which is an Industrial Control Systems (ICS) targeted ransomware. The attack on Honda has caused an internal network glitch, thereby affecting manufacturing output.

This malware was first reported in January 2020 and is a ransomware targeted at industrial control systems (ICS). It is the second in the series of ‘ICS targeted ransomware’, after “Megacortex”, which first appeared in May-June 2019. The small but well-packed code of the Ekans ransomware targets the software and hardware used in everything from oil refineries to power grids to manufacturing facilities. Much like other ransomware, EKANS encrypts data and displays a note to victims demanding payment to release it; the name comes from a string it plants as a file marker on a victim computer to identify that its files have already been encrypted.
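The file marker described above gives responders a quick way to scope which files were touched. The following triage sketch is an added example, not part of the original advisory; it assumes the marker string sits within the last bytes of an encrypted file, and `TAIL_BYTES`, the function names and the sample files are constructed for illustration.

```python
import os
import sys
import tempfile

MARKER = b"EKANS"  # marker string named in the advisory
TAIL_BYTES = 64    # assumption: the marker is written near the end of the file

def has_marker(path, marker=MARKER, tail=TAIL_BYTES):
    """Return True if `marker` occurs in the final `tail` bytes of the file."""
    try:
        with open(path, "rb") as fh:
            size = fh.seek(0, os.SEEK_END)
            fh.seek(max(0, size - tail))
            return marker in fh.read()
    except OSError:
        return False  # locked or unreadable files are skipped, not fatal

def scan_tree(root):
    """Walk `root`; return (sorted paths carrying the marker, files checked)."""
    marked, checked = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # do not follow links or read special files
            checked += 1
            if has_marker(path):
                marked.append(path)
    return sorted(marked), checked

def demo():
    """Scan constructed sample files (placeholders, not real malware output)."""
    samples = {
        "report.docx": b"clean document body",
        "plc_backup.bin": b"\x00" * 4096 + b"\x9fEKANS",       # marker in tail
        "notes.txt": b"EKANS mentioned at the start " + b"x" * 200,  # not in tail
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        marked, checked = scan_tree(root)
        return [os.path.basename(p) for p in marked], checked

if __name__ == "__main__":
    hits, total = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    print(f"{len(hits)} of {total} files carry the marker")
    for hit in hits:
        print("  " + hit)
```

A hit is a lead to confirm against backups or known-good hashes, since any file that legitimately ends with those bytes will also match.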

According to different reports in the media, Honda Motor Company is experiencing a company-wide network outage that is suspected to have been caused by a ransomware attack. The reports also mention that major servers had become infected with the Ekans malware, impacting production at some plants.

Earlier, on Sunday, 07 June 2020, the company had reported the shutting down of operations in parts across Europe, Japan, and the U.S., which has subsequently been extended to India and other units across the globe.

Though Honda has not reported any demand for ransom, there is no news of the attack being repulsed or neutralised. The attack's ingress and the degree of infection have also not been ascertained as yet. To date, only the internal team is engaged in resolving the problem; however, the employment of external enterprises cannot be ruled out. Business continuity in many of the manufacturing hubs was still being revived after the recent lockdown due to COVID-19.

Cyber Secure India advises enterprises to ensure proactive and well-articulated disaster management systems ab initio, and to build resilience methodologies into the installation phase of IT and ICT infrastructure. One of the viable means of ransomware protection can also be WORM (write once, read many) storage technology, which allows organisations to make immutable “locked” copies of their data.
