Automotive hose manufacturer hit by ransomware, shuts down production control system

A US subsidiary of Nichirin Co., a Japan-based company manufacturing and selling automotive hoses and hose parts, has been hit with ransomware, which resulted in the shut down of the subsidiary’s network and production control system.

What happened?

According to a press release published by Nichirin Co. on Wednesday, the affected subsidiary is Texas-based NICHIRIN-FLEX U.S.A., which experienced “unauthorized access from the outside” on June 14, 2022, and resulted in their server(s?) getting infected with ransomware.

To prevent the threat spreading to the networks of the parent company and those of other Nichirin subsidiaries around the world, the affected network was shut down and apparently the action was quick enough for the ransomware to be contained. Still, the company said, they are “continuously monitoring for any abnormalities.”

“We are proceeding with countermeasures and restoration for the blocked network,” Nichirin said, but noted that “it will take some time to investigate the causes of unauthorized access and the effects of information leaks.”

In the meantime, the subsidiary has switched to manual production and shipping, and is are working to ensure that the incident doesn’t interfere with delivery.

Nichirin’s website is also currently sporting a prominent alert about a temporary “malfunction” of their website on June 17, which made it inacessible for several hours, and about suspicious emails spoofing the company.

According to the press release, the company has yet to determine whether the site outage is connected to the breach.

The company also says that the malicious emails impersonating the company have been sent to targets outside the company, and is warning recipients not to reply to them, access URLs or open attachments included in them.

“If you reply to these emails, there are risks of fraud, virus infection, or leakage and misuse of your personal information,” the company says.

It is still unclear whether these emails have anything to do with the breach, and whether attackers have spoofed the company’s email addresses or compromised their email servers and hijacked legitimate email accounts and email threads.

Manufacturing sector under ransomware attack

Cybercriminals wielding ransomware have been targeting all types of businesses in all types of sectors, and that includes the manufacturing sector. In fact, according to IBM Security’s latest X-Force Threat Intelligence Index, manufacturing became the most ransomware-targeted industry in 2021.

“Experiencing more ransomware attacks than any other industry, attackers wagered on the ripple effect that disruption on manufacturing organizations would cause their downstream supply chains to pressure them into paying the ransom,” the company noted.

Previous prominent attacks include those against a Belgian aircraft parts maker, a Swiss manufacturer of municipal and agriculture machinery, Foxconn, automotive supplier Denso, and many others.

Interestingly enough, though, the results of a recent survey of 5,400 IT managers across the world, which included 438 IT managers from the manufacturing and production sector, has shown that those organizations had the lowest propensity to pay the ransom of all the sectors surveyed.

“A likely reason for this (…) is the sector’s impressive ability to restore the encrypted data using backups,” the Sophos report revealed.