A Honda plant in Sayama, Japan was forced to halt domestic production for a day after its network was hit with WannaCry ransomware.
Officials discovered the attack on Sunday, shut down production on Monday, and resumed operations on Tuesday, production at other plants continued throughout the attack, according to Reuters.
The plant has a daily output of around 1,000 vehicles and produces models including the Accord sedan, Odyssey Minivan and Step Wagon compact multipurpose vehicle. Researchers said the loss in productivity in just one day most likely took a toll on the auto manufacturer.
“Automakers are especially vulnerable to network worms like WannaCry because they often use computers with older versions of Windows and those are vulnerable to security flaws,” Cyphort Senior Director of Threat Operations Nick Bilogorskiy told SC Media. “Unlike other businesses such as banks, automakers do not upgrade their factory floor hardware or software aggressively and may get behind in installing patches.”
Bilogorskiy added that even after the ransomware is removed, it may still take weeks or months for a full recovery and the risk of a sudden outburst is high.
“A plant shutdown can cost millions of dollars per day in lost production and, in any event, is likely to far exceed the cost of the ransom,” Synopsys Global Director of Critical Systems Security Mike Ahmadi told SC Media. “Attackers are likely to apply risk management techniques to their attacks going forward that will serve to help them get the most return for each attack.”
Ahmadi added this may not have been the case with the Honda attack but situations like this become more likely when attacks are financially motivated. Experts agree, lost productivity is a huge component to these attacks and must be taken into account to prevent future disruption.
“This is yet another example of how ransomware threatens organizations,” Imperva Security Research Engineer Luda Lazar told SC Media. “Despite having backups and recovery procedures in place, the impact is mainly the downtime, lost productivity and disruption to the normal course of business, which have the potential to cause extensive damage.”
An increasing number of high profile ransomware attacks like this have also been raising the question of what firms should be doing to protect themselves from these kinds of attacks. A month has passed since the initial WannaCry scare and firms are still being hit by the ransomware.
“Yet, despite all the help guides, blogs and news, companies are still being affected,” Tripwire Senior Systems Engineer Paul Norris told SC Media. “The fix and information is out there, so they need to take action now to better protect themselves.”
Norris added that effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URL’s.
“One of the lessons of this incident is that security is a concern for all type of businesses, including ‘traditional’ ones, and all areas of business, including those that are typically not seen as being ‘online’: nowadays, every business is an online business and can be affected by a security incident, either as part of targeted attacks or as part of random malicious activity,” Lastline Senior Security Researcher Marco Cova told SC Media.
“This incident also shows that security incidents have more and more frequently an impact in the physical world: just like WannaCry affected the ability of the NHS to offer services to its patient, now we have an example of manufacturing capability being impacted by an attack.”