Honda’s Customer Service and Financial Services were apparently hit by a ransomware attack recently. Kaspersky found samples in the VirusTotal database that make it appear that the company was targeted by the Snake ransomware. This incident made me think about what we can learn from how Honda was targeted to better protect Windows networks from ransomware attacks.
Kaspersky indicated that the malware was launched using a file called nmon.bat. Because the malicious file used the .bat extension, alerting tools would see that a script or batch file was used in the network. In many environments this would be an allowed file.