Ransomware attack on Toyota Motors, halts production across Japan

Toyota Motor Company suspended all factories in Japan on Tuesday, March 1,  after a critical supplier suffered ransomware that disrupted the automaker’s parts supply management system. The Japanese automobile giant had to suspend 28 production lines at 14 factories across Japan for 24 hours.1

In a statement on March 1, 2022, Toyota said: “We would like to apologize again to our customers, suppliers, and other related parties for any inconvenience caused by today’s sudden shutdown.”2

Figure 1

What is Ransomware?

Ransomware is a sort of crypto virology malware that threatens to publish or permanently limit access to the victim’s data unless a ransom is paid. While some ransomware locks the system in a way that is easy to undo for a trained user, more powerful virus employs a tactic known as crypto viral extortion. It encrypts the victim’s files, rendering them inaccessible, and demands a ransom to decrypt them.


About the Cyberattack

Kojima Industries, a supplier of plastic parts and electronic components for Toyota was the target of this attack. The supplier confirmed Tuesday morning that it shut down its server on Sunday, February 27 after discovering malware and a threatening message, which could indicate it had been the target of a ransomware attack.3

An official close to Kojima Industries told Nikkei: “It is true that we have been hit by a cyberattack. We are still confirming the damage and we are hurrying to respond, with the top priority of resuming Toyota’s production system as soon as possible.”4

The company said that it is still investigating the origin of the attack, as well as the damage caused to its system, “Toyota representatives and cybersecurity experts are at Kojima Industries to determine the cause and how to restore”4

You might be wondering, why does a cyberattack on the supplier effects the Toyota Motor Company? It is because Toyota’s direct suppliers are all linked to the automaker’s ‘kanban’ just-in-time production control system, which causes the threat of the attack at Kojima to spill over into Toyota’s IT systems.


Impact of the Cyberattack

Halting operations across Japan for 24 hours is estimated to impact about 5% of output for the month, which makes up to roughly 13,000 vehicles. Toyota subsidiaries, Daihatsu Motors and Hino Motors also had to stop production, but the exact impact on them is not clear.5

Figure 2

Russia Link?

The attack occurred just after Japan joined Western allies in condemning Russia for invading Ukraine. On the weekend, Japanese Prime Minister Fumio Kishida stated that Japan would join the United States and other countries in barring access to the SWIFT international payment system for selected Russian banks. He also said that Japan would provide $100 million in emergency relief to Ukraine. However, it is unclear whether the two incidents are connected.6

According to Kishida, the government will investigate the event and determine whether Russia was involved in the cyberattack. “Regarding any connection with Russia, it is hard to answer until we have conducted thorough checks.”3

Figure 3

How to respond to Ransomware Attack

=> Report to the authorities

OR

=> Decide whether to pay the ransom

OR

=> Consider the following steps to help remove and reduce the spread of ransomware.

  1. Take your devices offline to stop the ransomware from spreading to other connected devices.
  2. Use the information in the ransom note (e.g. listed URLs) and the new file extensions your encrypted files inherited, to research possible reoccurring attacks and identify the ransomware.
  3. Use the online decryption tool to remove the ransomware from your devices, which should decrypt your files and make them accessible.
  4. If there is no decryption tool available online for your strain of ransomware, safely wipe your device and reinstall the operating system.
  5. Analyze your backup files and ensure they are free of the ransomware or any other malware. Store your backups offline to mitigate the chance of the ransomware infecting your backup files.
  6. Apply any available updates to your devices, hardware, and software. Patch your operating system and ensure all anti-virus, anti-malware, and firewall software are up to date.
  7. Reset credentials including passwords on all systems, devices, and accounts.

References:

  1. https://www.itsecurityguru.org/2022/03/01/toyota-hit-with-ransomware-attack-stops-production/
  2. https://www.cshub.com/attacks/news/iotw-car-production-halted-by-toyota-after-suspected-cyber-attack
  3. https://www.bloomberg.com/news/articles/2022-02-28/toyota-to-halt-plants-after-cyberattack-on-supplier-nikkei-says
  4. https://asia.nikkei.com/Spotlight/Supply-Chain/Toyota-halts-operations-at-all-Japan-plants-due-to-cyberattack
  5. https://www.bleepingcomputer.com/news/security/toyota-halts-production-after-reported-cyberattack-on-supplier/
  6. https://www.reuters.com/business/autos-transportation/toyota-suspends-all-domestic-factory-operations-after-suspected-cyber-attack-2022-02-28/?taid=621cbb9ced681a0001a16ec6&utm_campaign=trueAnthem:+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
  7. Figure 1: https://www.itsecurityguru.org/2022/03/01/toyota-hit-with-ransomware-attack-stops-production/
  8. Figure 2: https://www.istockphoto.com/photo/a-red-arrow-probably-from-a-computer-chart-pointing-down-gm463750989-33309970
  9. Figure 3: https://www.bloomberg.com/news/articles/2022-02-28/toyota-to-halt-plants-after-cyberattack-on-supplier-nikkei-says

Join the Conversation

34 Comments

  1. Great Post! I have read so many blog posts in this class and I am pretty sure I have heard almost every big company getting hacked, Toyota being one of them. No doubt hackers come up with new ways to hack every time but why can not companies back up their data on a daily basis? If Toyota backed up their data offline they would not have to stop production and disappoint the customers. I think this is very unprofessional from Toyota. Plus these days there are increased cyber attacks due to the tension going on between Russia and Ukraine so in my opinion all companies who are a potential target of an attack should back up their data in order to prevent such incidents from happening. Other than that let’s just hope the responsible department finds the source of this attack and catches them.

  2. Interesting post! I have seen a lot of blogs mentioned cyber-attack related to ransomware. There is no doubt that if company want to protect their commercial interests and supply chain, it is necessary to invest budget to prevent cyber-attack. In addition, I do not think Russia has anything to do with this incident. Especially based on the fact that Toyota is a private enterprise. Although current war is a horrible event initiated by Russia, it does not necessarily mean that we should potentially blame everything to Russia. Media should not be a cheap tool for political event.

  3. It is crazy how the ransomware attack right after the Japan have declared that they will be joining Western Allies! Something really seems suspicious here but it is wrong to accuse Russia. It was also surprising to hear that because of one company, it’s motor company had to stop its production for a day. I can’t imagine the loss the Toyota comnapy had to deal with! I have realized even social incident like these days, technologies are related.

  4. Interesting post. There’s definitely a chance that it is an attack targeted at Japan from their involvement in the Ukraine affairs and I expect that attacks such as these will be used more heavily during conflict between countries as societies dependence on technology continues to increase. This is terrifying to any country as large amounts of their income can be temporarily (or permanently) removed from existence depending on the malicious actors intentions. Will be interesting to see how this plays out in the future as technology advances.

  5. I really liked reading this post. Even a major car manufacturer like Toyota is not immune to ransomware attacks and it is interesting to see how large corporations deal with such situations. The impact of this event is intriguing. It really goes to show that information security has a large impact on businesses and the world economy as a whole. Due to the shutting down of Toyota’s operation, they had to forgo 5% of their output for the month which can lead to a major shortage of supply and increase in car prices.

    1. I agree with you! I think this event caused a lot of havoc companies/businesses surrounding Toyota. When this happens it falls down onto the consumer trying to afford their product, but it’s costlier than before because of an attack made towards the company. Along with the companies suffering I think the general public suffers as well.

  6. This is a very good post. With the development of the web, the web has become a necessity for a company to grow. For those multinational companies, the absence of a network almost means the closure of the company. In order to defend against this situation, these companies should prepare alternate solutions to solve this problem. But after seeing so many companies being hacked, I found that these companies never considered this aspect. In other words, they seem to be gambling to see if the hackers will attack them. Compared to the improvement of their own technology, I think these companies should go more to improve their attitude. This irresponsible attitude makes it hard to believe that these companies will not give out their customers’ private information.

  7. Great Post! Toyota has been hit by some kind of cyberattack. Two Japanese production plants belonging to Toyota group truck maker Hino Motors and one plant belonging to Toyota affiliate Daihatsu Motor are affected by the shutdown.

  8. This is a great post! As someone with a background in supply chain, Toyota’s suppliers love to advertise that they supply parts for Toyota due to the extreme vetting that Toyota does to ensure that they receive the best parts, equipment and service that are durable & long lasting. Toyota’s suppliers are heavily integrated with their “Just-in-Time” delivery system, and as a result, the bigger the list of suppliers, the more information is spread out among organizations that may not follow best security practices.

    It is likely that attacking a supplier is much less effort than targeting Toyota themselves, but still results in equally devastating consequences.

  9. Nice post, I like how you include options on what to do if one is hacked.
    Could this be Russian revenge on Japan for blocking Russian banks from the SWIFT international payment methods? It is entirely possible, though I find it unlikely that a private company would be targeted in response to the Japanese government’s actions.

  10. Nice post, It’s crazy how a cyber attack caused the entire company to suspend production at multiple locations due to a ransomware attack. The hackers came up with a smart idea to attack suppliers, and have it leak into the Toyota systems, since it was probably easier to do that then attack Toyota directly. Hopefully it didn’t take too long for Toyota to pay the ransom, or solve the issue another way, and get back to production as soon as they could.

  11. Wow great post! It is incredible to think that a ransomware attack can halt motor vehicle production across a whole country. Hopefully Toyota was able to resolve the attack rather quickly and begin production again. The options you mentioned to avoid being hacked is very informative!

  12. Interesting post! With the conflict between Russia and Ukraine rising, it would seem reasonable to link these cyberattacks to Russia in response to the sanctions imposed (which Japan participated in). And I would only expect these cyberattacks to increase from both sides of the war.

  13. Interesting read. I’ve heard of Ransomware attacks affecting small companies here and there but I never would’ve thought that a Ransomware attack could stop all production of cars! I liked how you outline the steps of what to do when a Ransomware attack occurs. Hopefully Toyota paid off this ransom in order to continue production.

  14. The rate that I am reading about ransomware attacks is quite astounding. Almost every major company is getting hit with the malware and it is showing its far-reaching consequences to the customer as the organization itself. I think ransomware is the most impactful financially because the attacker can quickly make cash from the malware instead of first hacking their computer, stealing their information and selling it for cash. I think it is a matter of time before electric vehicles are infected with ransomware attacks where the owner will need to pay in order to unlock their car lol. Overall, I think this was a interesting read and added another company that suffered from a ransomware attack

  15. I don’t find it surprising that an attack against a massive company such as toyota would happen through its suppliers. I believe that toyota has a very thorough system when it comes to acquiring motor parts, and for a malicious 3rd party, that would already be too much of a hassle, and so going after an important supplier who may not uphold the same standards as toyota would decrease the amount of effort, while still maintaining the same level of consequences against toyota

  16. Great post Arhum, It’s pretty crazy that it is even possible for the parts supplier’s ransomware attack to affect Toyota to such the extent that it did. This is a great example of some of IT securities ‘weakest link’ or maybe ‘butter-fly effect’ type scenarios. Thanks for providing some great tips on what to do if one was ever prone to one of theses attacks, they could happen to anyone and seem to become more and more apparent it today’s connected world.

  17. Hey, nice post. After reading the post I feel like it has something to do with Russia as you clearly stated that this incident occurred right after Japan joined Western allies in condemning Russia for invading Ukraine. This is terrifying to any country as large amounts of their income can be temporarily (or permanently) removed. Therefore, general people of that country will suffer tremendously. It is also nice of you to share some tips on how to respond to ransomware attack.

  18. Really interesting post! It is interesting that there may be a connection between Russia and the ransomware attack on Toyota. While in a lot of my classes ,we talk about the horizontal integration of technology to make production processes easier, we can see a potential downfall here as since it’s supplier got ransomware attacked it had to stop all other processes to avoid them being affected too. It will be very interesting to see how Toyota handles this, whether being paying the fine or finding a fix through it’s tech personnel.

  19. Interesting post! Nobody is safe at this point. It’s not the first time back in May 2021 Toyota experienced a problem in accessing its file server in the internal system, a cyber-attack by unauthorized access from a third party was confirmed as a cause of this issue. This instance demonstrates how closely the two are linked, and how a successful attack on the software supply chain can have significant consequences for the production of physical commodities created.

  20. After joining CPSC 329, I have read numerous blogs and it no longer seems a new issue that a particular company is getting hacked. But I never really thought that it could be connected to politics. It is quite surprising that freedom of speech of a country can lead to a destruction of entire economy. Even a ransomware that stopped Toyota in its production for just a day has lead to such a huge loss. Think about a country’s entire IT system. If somehow hackers get access to a country’s most secured database, the whole nation can fall down in seconds. Talking from Toyota’s perspective, it is not possible to pay off ransom every other day someone tries to hack into their system. Day to day, we see almost every IT system getting exploited.Thereby, I believe it is high time to invest in researches and development towards info-sec.

  21. Reading the plausible connection between this attack and Russia was interesting, especially with the recent events of Japan siding with Ukraine. Ransomware is a scary thing; halting the production of such a major company and impacting 5% of their output really puts them at a loss. A company my father worked for had a similar experience, it does take a huge tole on the company. These posts show how valuable security really is.

    Thanks for the information about responding to ransomware!

  22. Really interesting post! I think that looking at major companies being the victims of ransomware goes to show how even those major companies that have whole departments fore security and IT still get hit with major attacks. It really emphasizes the importance of have a clear system of having backups (whether physical such as hard drives or online with use of storage services) I would not be surprised if this had been related to Japans declaration in siding with the west since the Russian government does not have the best track record on these kind of things, anyway thank you for the great post.

  23. Great post. It seems our poor beleaguered supply chain across the world has fallen victim to both the COVID-19 pandemic, and now it seems that ransomware directed at tertiary players can knock bigger companies down as well. In your opinion, is this a one-off case of a company making a mistake, or should logistics and supply chain industries be concerned about an increase in this sort of threat in the future?

  24. One of the downsides of advancing in technologies is that the threat of cyber attacks is always becoming greater. Just as seen in this story, millions of dollars was likely lost due to an attack not even directly on Toyota, but one of their suppliers. For me though, one of the most interesting points of not only this post, but as I have seen in another, is the possible ties to other current events such as the Russia and Ukraine news. It’s interesting to see everything come full circle. Overall everything in this post was relevant, interesting, and given context so thank you!

  25. Although the timeline between the ransomware attack and Japan’s assistance towards Ukraine seems to line up, it seems like quite a stretch to assume it was Russia that attacked Toyota. I feel like although Toyota is a large target Russia has bigger fish to fry, and I fail to see a proper objective to justify using ransomware rather than malware alone. Very interesting article though! Love the tips and facts about ransomware.

  26. Interesting read! I wonder if Russia actually got involved, as the timing suggests. On the other hand though, a ransomware usually seems to be motivated by monetary interests. As you stated in your post, this attack came with big consequences for Toyota, Kojima Industries, and other clients of Kojima Industries. Therefore the ransom that was being asked for was surely very high.
    I am always impressed when reading about these ransomware attacks and seeing how often they really occur. I used to think that big companies would have very good control over their data and sufficient protection from such attacks, but apparently there is usually enough vulnerabilities that can be exploited. And perhaps the bigger the company, the bigger the ransom the hackers can ask for. This would increase motivation to find vulnerabilities and exploit them.

  27. Awesome Post!!
    Your post just goes to show that even big companies like Toyota (literally the world’s largest automaker) are at risk for ransomware cyber attacks. I read many blog posts on this topic actually and I feel like the ransomware attacks are increasing due to the situation in Russia. It truly is crazy that they had to shut down 28 production lines at 14 factories in just one day. The ransomware attacks are getting pretty serious.

  28. This is deeply concerning how firms like Toyota can get compromised by the ransomware so easily. Since production includes a supply chain, striking one section of the supply chain means the other actors will also have to halt activities because we can see that by having their supplier be targeted, Toyota had to suspend their production. Manufacturers like Toyota are prime targets because they contribute significantly to their country’s economies and the thought of Russia being behind this is not a wild claim, especially given the timing of the event. We have reached a new age of warfare where it’s not only about guns blazing and grenades exploding, it’s now also handled behind closed doors on computers. Attacking significant networks like that of major firms of an enemy state is a swift strategy to make governments feel wary of their behaviour. Russia has motives of their own and they would impose cyberwarfare on any nation-state that would get in their way. It is more convenient this way as it is harder to trace back such attacks and vilify them, unlike conventional warfare.

  29. Great post. It’s pretty surprising that such a big company like Toyota is now also involved in a ransomware attack. It seems that hackers around the world are beginning to think of new ways to attack various companies and this is very scary. It’s also pretty interesting that it relates to the whole conflict going on between Russia and Ukraine. I just read another blog post that also resulted in a cyberattack due to this conflict. It’s very scary that modern warfare is involving the use of technology.

  30. Great post! I really like that you included a section on what to do if you are targeted by a Ransomware attack. I suppose that I shouldn’t be surprised at this point in the course, but I’m still taken off guard by the fact that multi billion dollar firms like Toyota still leave themselves vulnerable to security risks like these. It’s interesting that the Japanese government would raise the possibility that the attacks were Russian in origin at all without thoroughly vetting that claim, and I would be curious to see if they are correct in light of what’s happening geopolitically. Cyber attacks on major firms would be an interesting tool for Russians to use in response to western sanctions.

  31. Posts like this make me wonder whether it is worth it to make formerly “analogue” processes such as supply chain management dependent on software. It brings significant gains in efficiency, but it also leads to new vulnerabilities. Given the fact that cyberattacks will only grow in sophistication over time, it is hard to assess the costs and benefits of adding a significant software component to processes that do not need it.

  32. Excellent read,
    This goes to show that countries can have cyber warfare teams and act on their motives (whether it be political,economic etc.) through their “teams”.
    If Russia wanted to dominate say the oil market, they could potentially knock down their competitors infrastructure and make themselves the only remaining company on the market. Is it ethical then, to buy from an organization or country that uses cyber warfare to sweep the market?

  33. Super interesting post!! It is a bit scary that this can happen on such a large scale, and it really shows the strong consequences arising from such an attack. It provides perspective as to why it is so important to make sure everything is able to remain secure. Additionally, one thing to note is that I believe most ransomware don’t give your data back, even after paying, which is quite unfortunate, considering the large sum they take from unsuspecting individuals. It is scary that there could be a possible link to Russia, considering the current political climate. All things considered, really good job!! It was very interesting.

Leave a comment