
Snake Ransomware Delivers Double-Strike on Honda, Energy Co.
2020-06-10 19:56

The ICS/SCADA-focused malware is likely behind a duo of attacks this week, on Honda and a South American energy company, researchers said.

The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina.

In a tweet on Monday, the Honda Automobile Customer Service said it was "Experiencing technical difficulties and are unavailable." And later, the Japanese auto giant told the BBC that "Honda can confirm that a cyberattack has taken place on the Honda network."

The researchers explained, "We tested the ransomware samples publicly available in our lab, by creating a fake internal server that would respond to the DNS query made by the malware code with the same IP address it expected. We then ran the sample alleged to be tied to Honda against Malwarebytes Nebula, our cloud-based endpoint protection for businesses. We detect this payload as 'Ransom.Ekans' when it attempts to execute." EKANS is another name for Snake in security firms' telemetry; it's just "Snake" backwards.

Clements also warned that while Honda noted that no PII appears to have been accessed, the Snake ransomware team has historically attempted to exfiltrate sensitive information before encrypting their victims' computers.


News URL

https://threatpost.com/snake-ransomware-honda-energy/156462/