{
	"id": "161f570e-2d5e-490f-a373-6f5c38219549",
	"created_at": "2026-04-06T00:16:47.519673Z",
	"updated_at": "2026-04-10T03:20:02.473521Z",
	"deleted_at": null,
	"sha1_hash": "7ab2b503de02a4711c12f872a5352863a299b0fe",
	"title": "Honda investigates possible ransomware attack, networks impacted",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 907707,
	"plain_text": "Honda investigates possible ransomware attack, networks impacted\r\nBy Ionut Ilascu\r\nPublished: 2020-06-08 · Archived: 2026-04-05 21:53:39 UTC\r\nComputer networks in Europe and Japan from car manufacturer giant Honda have been affected by issues that are reportedly\r\nrelated to a SNAKE Ransomware cyber-attack.\r\nDetails are unclear at the moment but the company is currently investigating the cause of the problems that were detected on\r\nMonday.\r\nTrouble confirmed, likely SNAKE ransomware\r\nThe company has confirmed to BleepingComputer that its IT network is not functioning properly but declined to provide\r\nmore information regarding the nature of the issue as an investigation is ongoing.\r\nhttps://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\n“Honda can confirm that there is an issue with its IT network. This is currently under investigation, to understand the cause,“\r\na company representative told us.\r\nFrom what is known at this point, the issues have not influenced the Japanese production or dealer activities. Furthermore,\r\nthe company spokesperson said that there is no impact on Honda customers.\r\n“In Europe, we are investigating to understand the nature of any impact” - Honda\r\nWhile the Japanese car manufacturer is tight-lipped about these events, a security researcher named Milkream has found a\r\nsample of the SNAKE (EKANS) ransomware submitted to VirusTotal today that checks for the internal Honda network\r\nname of \"mds.honda.com.\"\r\nWhen BleepingComputer tried to analyze the sample, the ransomware would start and immediately exit without encrypting\r\nany files.\r\nThe researcher states that this is because the ransomware tries to resolve the \"mds.honda.com\" domain, and failing to do so,\r\nwill terminate the ransomware without encrypting any files.\r\nSecurity researcher Vitali Kremez has also told BleepingComputer that in addition to the mds.honda.com check, it also\r\ncontains a reference to the U.S. IP address 170.108.71.15. \r\nThis IP address resolves to the 'unspec170108.amerhonda.com' hostname.\r\nThe reference to this IP address and the internal hostname check are very strong indicators that today's network outages are\r\nbeing caused by a SNAKE ransomware attack.\r\nSnake Ransom note dropped by sample found today\r\ncredit: milkream\r\nIt is unclear how many systems are affected but Snake is known to steal data before deploying the encryption routine. In a\r\nstatement to BleepingComputer on Tuesday, Honda says that they can \"confirm that there is no information breach at this\r\npoint in time.\"\r\n\"Work is being undertaken to minimise the impact and to restore full functionality of production, sales and development\r\nactivities. At this point, we see minimal business impact\" - Honda representative\r\nBleepingComputer reached out to the SNAKE ransomware operators, and while they did not admit to the attack, they did\r\nnot deny it either.\r\n\"At this time we will not share details about the attack in order to allow the target some deniability. This will change as time\r\npasses,\" the SNAKE operators told BleepingComputer.\r\nOpen database leaks sensitive info\r\nhttps://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nPage 3 of 5\n\nIf this proves to be an intrusion from an unauthorized party, it would be a significantly different security incident than what\r\nthe company had to deal with last year when misconfigured databases exposed sensitive information on the public internet.\r\nAt the end of July 2019, security researcher Justin Paine found an unsecured ElasticSearch database containing information\r\non about 300,000 Honda employees across the world, including the CEO.\r\nApart from personally identifiable information, the database instance included details about machines on the network, like\r\nthe version of the operating system, hostnames, and patch status.\r\nAccording to Paine’s research, a table called “uncontrolledmachines” listed systems on the internal network that did not\r\nhave security software installed.\r\n\"If an attacker is looking for a way into Honda's network knowing which machines are far less likely to identify/block their\r\nattacks would be critical information. These \"uncontrolled machines\" could very easily be the open door into the entire\r\nnetwork,\" Paine said\r\nAnother open ElasticSearch database belonging to Honda was discovered on December 11 last year by security researcher\r\nBob Diachenko. The records were unprotected on the public internet and included data about customers in North America.\r\nThe database was from a data logging and monitoring server for telematics services. It included full names, email addresses,\r\nphone numbers, postal addresses, vehicle make and model, as well as its identification number (VIN).\r\nThe company estimated that about 26,000 unique consumer-related records were exposed due to the misconfigured database.\r\nUpdate 6/8/20: Added information about a Honda IP address in the ransomware executable and a statement from the\r\nSNAKE ransomware operators.\r\nUpdate 6/9/20: Added details from a second statement from Honda about the risk of information breach and the impact on\r\nbusiness.\r\nThis is a developing story\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nPage 4 of 5\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nhttps://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/\r\nPage 5 of 5",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/honda-investigates-possible-ransomware-attack-networks-impacted/"
	],
	"report_names": [
		"honda-investigates-possible-ransomware-attack-networks-impacted"
	],
	"threat_actors": [],
	"ts_created_at": 1775434607,
	"ts_updated_at": 1775791202,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7ab2b503de02a4711c12f872a5352863a299b0fe.pdf",
		"text": "https://archive.orkl.eu/7ab2b503de02a4711c12f872a5352863a299b0fe.txt",
		"img": "https://archive.orkl.eu/7ab2b503de02a4711c12f872a5352863a299b0fe.jpg"
	}
}