Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak
No minivans or sedans rolled out of plant for 24 hours
Honda said today that it had briefly halted operations at a car plant in Sayama, Japan earlier this week because of the infamous WannaCrypt ransomware.
The Japanese car maker halted production for one day at a domestic vehicle plant on Monday after finding samples of the WannaCrypt ransomware in its computer network, Reuters reports.
The Renault-Nissan alliance had similar problems at five of their jointly operated plants in the immediate aftermath of the original WannaCrypt outbreak last month. Problems at another carmaker's plant are only surprising because of the timing – weeks after the original outbreak.
Hours after the original highly virulent WannaCrypt outbreak, security researcher Marcus Hutchins registered a domain found in the code that acted as a kill-switch and stopped the original ransomware spreading any further. It could be that Honda has blocked access to this domain internally, some experts have speculated.
It's not immediately clear if the original WannaCrypt, which hobbled systems at multiple NHS trusts and numerous enterprises worldwide last month, or one of many subsequent variants lies behind Honda's problem. Security experts said that as long as the underlying fault remains unresolved, then WannaCrypt variants will remain an issue.
Gavin Millard, technical director at Tenable, said: "That the exploitation of MS17-010 through WannaCry[pt] and other derivatives is still causing a problem is hardly surprising. Conficker and MS08-67, the main vulnerability it exploited, is still popping up on occasion nine years after it began infecting millions of systems around the world."
He added: "Of course, just patching these bugs isn’t always simple as it could cause disruption to the organisation. If that is the case then compensating controls must be put in place and proper, risk-based decisions must be made."
WannaCrypt spreads using EternalBlue, an exploit of the Windows' Server Message Block (SMB) protocol, and originally developed by the NSA. Hacking group Shadow Brokers leaked the exploit and others earlier this year.
The aftermath of the WannaCrypt outbreak created a lot of attention on systems with Windows XP, partly because of Microsoft's surprise decision to release patches for the long obsolete platform. In reality, Windows 7 was the most infected platform, and for unpatched or otherwise unprotected systems, it's largely a question of when and not whether they will be affected.
Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, added: "It comes as no surprise that more and large organisations have been affected by WannaCry[pt]. Microsoft released patches in March to fix the vulnerability that has allowed WannaCry[pt] to spread, but many organisations have been particularly slow to implement them."
Normal operations were underway at its Sayama plant by Tuesday, Honda said.®