Japanese automaker Honda shut down production at one of its facilities for one full day as it removed WannaCry ransomware from its network.
WannaCry ended up discovered on Honda’s systems Sunday, almost one month after the ransomware outburst started, but the company’s IT department put in place several protection systems that apparently did not work, according to a Reuters report.
The WannaCry ransomware is based on an exploit stolen by hacking group Shadow Brokers from the NSA last summer and posted online earlier this year. The exploit takes advantage of a vulnerability in the SMB service in Windows and affects all versions of Microsoft’s operating system. WannaCry encrypts files on a compromised system and requires the victim to pay between $300 and $600 for the decryption key.
Microsoft delivered patches for supported Windows versions in March, while in mid-May the firm decided to roll out emergency updates for unsupported releases as well, including Windows XP.
It’s not known what protection systems Honda’s engineers installed on systems that are part of its network.
Honda first detected the WannaCry infection in its network Sunday, so the next day the automaker decided to suspend production at the Sayama plant northwest of Tokyo to remove the ransomware and prevent it from spreading to other systems. Networks in North America, Europe, China, and other regions were also compromised, Honda said, but production at all the other facilities was not affected.
The Japanese manufacturing plan hit the hardest by WannaCry produced models like the Accord sedan, Odyssey Minivan and Step Wagon compact MPV, with a capacity of 1,000 vehicles per day.
Honda isn’t the only company whose computers got compromised by WannaCry, with Renault and Nissan also discovering the ransomware on its systems at production facilities in Japan, the UK, France, Romania, and India.