{"id":2291,"date":"2022-03-03T03:58:04","date_gmt":"2022-03-03T10:58:04","guid":{"rendered":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/?p=2291"},"modified":"2022-03-04T13:52:18","modified_gmt":"2022-03-04T20:52:18","slug":"ransomware-attack-on-toyota-motors-halts-production-across-japan","status":"publish","type":"post","link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/2022\/03\/03\/ransomware-attack-on-toyota-motors-halts-production-across-japan\/","title":{"rendered":"Ransomware attack on Toyota Motors, halts production across Japan"},"content":{"rendered":"\n

Toyota Motor Company suspended all factories in Japan on Tuesday, March 1,  after a critical supplier suffered ransomware that disrupted the automaker’s parts supply management system. The Japanese automobile giant had to suspend 28 production lines at 14 factories across Japan for 24 hours.1<\/sup><\/p>\n\n\n\n

In a statement on March 1, 2022, Toyota said: \u201cWe would like to apologize again to our customers, suppliers, and other related parties for any inconvenience caused by today’s sudden shutdown.\u201d2<\/sup><\/p>\n\n\n\n

\"\"
Figure 1<\/figcaption><\/figure>\n\n\n\n
\n\n\n\n

What is Ransomware?<\/strong><\/strong><\/p>\n\n\n\n

Ransomware is a sort of crypto virology malware that threatens to publish or permanently limit access to the victim’s data unless a ransom is paid. While some ransomware locks the system in a way that is easy to undo for a trained user, more powerful virus employs a tactic known as crypto viral extortion. It encrypts the victim’s files, rendering them inaccessible, and demands a ransom to decrypt them.<\/p>\n\n\n\n

\n\n\n\n

About the Cyberattack<\/strong><\/p>\n\n\n\n

Kojima Industries, a supplier of plastic parts and electronic components for Toyota was the target of this attack. The supplier confirmed Tuesday morning that it shut down its server on Sunday, February 27 after discovering malware and a threatening message, which could indicate it had been the target of a ransomware attack.3<\/sup><\/p>\n\n\n\n

An official close to Kojima Industries told Nikkei<\/a>: “It is true that we have been hit by a cyberattack. We are still confirming the damage and we are hurrying to respond, with the top priority of resuming Toyota’s production system as soon as possible.”4<\/sup><\/p>\n\n\n\n

The company said that it is still investigating the origin of the attack, as well as the damage caused to its system, “Toyota representatives and cybersecurity experts are at Kojima Industries to determine the cause and how to restore”4<\/sup><\/p>\n\n\n\n

You might be wondering, why does a cyberattack on the supplier effects the Toyota Motor Company? It is because Toyota’s direct suppliers are all linked to the automaker’s \u2018kanban\u2019 just-in-time production control system, which causes the threat of the attack at Kojima to spill over into Toyota\u2019s IT systems.<\/p>\n\n\n\n

\n\n\n\n

Impact of the Cyberattack<\/strong><\/p>\n\n\n\n

Halting operations across Japan for 24 hours is estimated to impact about 5% of output for the month, which makes up to roughly 13,000 vehicles. Toyota subsidiaries, Daihatsu Motors and Hino Motors also had to stop production, but the exact impact on them is not clear.5<\/sup><\/p>\n\n\n\n

\"\"
Figure 2<\/figcaption><\/figure>\n\n\n\n
\n\n\n\n

Russia Link?<\/strong><\/p>\n\n\n\n

The attack occurred just after Japan joined Western allies in condemning Russia for invading Ukraine. On the weekend, Japanese Prime Minister Fumio Kishida stated that Japan would join the United States and other countries in barring access to the SWIFT international payment system for selected Russian banks. He also said that Japan would provide $100 million in emergency relief to Ukraine. However, it is unclear whether the two incidents are connected.6<\/sup><\/p>\n\n\n\n

According to Kishida, the government will investigate the event and determine whether Russia was involved in the cyberattack. \u201cRegarding any connection with Russia, it is hard to answer until we have conducted thorough checks.\u201d3<\/sup><\/p>\n\n\n\n

\"\"
Figure 3<\/figcaption><\/figure>\n\n\n\n
\n\n\n\n

How to respond to Ransomware Attack<\/strong><\/p>\n\n\n\n

=> Report to the authorities<\/p>\n\n\n\n

OR<\/p>\n\n\n\n

=> Decide whether to pay the ransom<\/p>\n\n\n\n

OR<\/p>\n\n\n\n

=> Consider the following steps to help remove and reduce the spread of ransomware.<\/p>\n\n\n\n

  1. Take your devices offline to stop the ransomware from spreading to other connected devices.<\/li>
  2. Use the information in the ransom note (e.g. listed URLs) and the new file extensions your encrypted files inherited, to research possible reoccurring attacks and identify the ransomware.<\/li>
  3. Use the online decryption tool to remove the ransomware from your devices, which should decrypt your files and make them accessible.<\/li>
  4. If there is no decryption tool available online for your strain of ransomware, safely wipe your device and reinstall the operating system.<\/li>
  5. Analyze your backup files and ensure they are free of the ransomware or any other malware. Store your backups offline to mitigate the chance of the ransomware infecting your backup files.<\/li>
  6. Apply any available updates to your devices, hardware, and software. Patch your operating system and ensure all anti-virus, anti-malware, and firewall software are up to date.<\/li>
  7. Reset credentials including passwords on all systems, devices, and accounts.<\/li><\/ol>\n\n\n\n
    \n\n\n\n

    References:<\/strong><\/p>\n\n\n\n

    1. https:\/\/www.itsecurityguru.org\/2022\/03\/01\/toyota-hit-with-ransomware-attack-stops-production\/<\/a><\/li>
    2. https:\/\/www.cshub.com\/attacks\/news\/iotw-car-production-halted-by-toyota-after-suspected-cyber-attack<\/a><\/li>
    3. https:\/\/www.bloomberg.com\/news\/articles\/2022-02-28\/toyota-to-halt-plants-after-cyberattack-on-supplier-nikkei-says<\/a><\/li>
    4. https:\/\/asia.nikkei.com\/Spotlight\/Supply-Chain\/Toyota-halts-operations-at-all-Japan-plants-due-to-cyberattack<\/a><\/li>
    5. https:\/\/www.bleepingcomputer.com\/news\/security\/toyota-halts-production-after-reported-cyberattack-on-supplier\/<\/a><\/li>
    6. https:\/\/www.reuters.com\/business\/autos-transportation\/toyota-suspends-all-domestic-factory-operations-after-suspected-cyber-attack-2022-02-28\/?taid=621cbb9ced681a0001a16ec6&utm_campaign=trueAnthem:+Trending+Content&utm_medium=trueAnthem&utm_source=twitter<\/a><\/li>
    7. Figure 1: https:\/\/www.itsecurityguru.org\/2022\/03\/01\/toyota-hit-with-ransomware-attack-stops-production\/<\/a><\/li>
    8. Figure 2: https:\/\/www.istockphoto.com\/photo\/a-red-arrow-probably-from-a-computer-chart-pointing-down-gm463750989-33309970<\/a><\/li>
    9. Figure 3: https:\/\/www.bloomberg.com\/news\/articles\/2022-02-28\/toyota-to-halt-plants-after-cyberattack-on-supplier-nikkei-says<\/a><\/em><\/li><\/ol>\n","protected":false},"excerpt":{"rendered":"

      Toyota Motor Company suspended all factories in Japan on Tuesday, March 1,  after a critical supplier suffered ransomware that disrupted the automaker’s parts supply management system. The Japanese automobile giant had to suspend 28 production lines at 14 factories across Japan for 24 hours.1 In a statement on March 1, 2022, Toyota said: \u201cWe would like … <\/p>\n

      Continue reading “Ransomware attack on Toyota Motors, halts production across Japan”<\/span><\/a><\/p>\n","protected":false},"author":372,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[15],"tags":[16,47],"class_list":["post-2291","post","type-post","status-publish","format-standard","hentry","category-cpsc-329-602-w22","tag-cpsc329","tag-ransomware","entry"],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Arhum Ladak","author_link":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/author\/arhum-ladak\/"},"_links":{"self":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/users\/372"}],"replies":[{"embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/comments?post=2291"}],"version-history":[{"count":6,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2291\/revisions"}],"predecessor-version":[{"id":2322,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/posts\/2291\/revisions\/2322"}],"wp:attachment":[{"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/media?parent=2291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/categories?post=2291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpsites.ucalgary.ca\/isec-601-f21\/wp-json\/wp\/v2\/tags?post=2291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}