Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Renault And Nissan Plants Hit By Massive Ransomware Attack

Photo credit: Francois Mori/AP Images
Photo credit: Francois Mori/AP Images

French auto giant Renault became the first major French company to report being affected by Friday’s ransomware attack that affected tens of thousands of computers in almost 100 countries across the world, reports Automotive News. An English plant of Renault’s alliance partner Nissan was also hit by the attack.

Advertisement

Renault stopped production across several of its European plants as a result of the attack, which encrypted data on computers until a ransom was paid, according to a Renault spokesman who spoke with Automotive News.

Additionally, a Paris prosecutor has opened an investigation into the attack, which covers “Renault and other possible victims,” per Reuters.

Advertisement

Per our sister-site Gizmodo, the ransomware exploited a Windows security weakness that Microsoft had already released a patch for. (Here’s your ever-so-often reminder to update your machines, folks.)

Renault declined to give a list of all the Renault and alliance member sites were affected by the cyberattack. A Renault plant in Sandouville, France, was one of those confirmed to have shut down.

A Nissan plant in Sunderland, England, was also reported to have halted production however, a Nissan spokesman would not confirm the shutdown to Automotive News—he would only confirm that they were affected by the ransomware attack. The Sunderland plant manufactures the Nissan Leaf, Qashqai, Note and Juke as well as the Infiniti Q30 and QX30.

A spokesman for Renault said that proactive measures have now been put in place, so here’s hoping that included a basic Windows update that IT should’ve been on two months ago.

Moderator, OppositeLock. Former Staff Writer, Jalopnik. 1984 "Porschelump" 944 race car, 1971 Volkswagen 411 race car, 2010 Mitsubishi Lancer GTS.

Share This Story

Get our newsletter

DISCUSSION

Digitalsolo

Hi all, network and security architect here. A few things about this article, its assumptions and some of the comments below...

1. Saying IT should have patched these things a while back is a great statement to make it sound like their IT is incompetent in an article, but it’s disingenuous at best. Microsoft often releases updates that cause unexpected behaviors both in their OS, in their own software products and ESPECIALLY in interaction with 3rd party software, which is often older and imperfect in its coding/design. Sometimes that software may have accidentally (or purposely) used one of the “bugs” being fixed, so updates will cripple it, possibly crippling the business.

Due to these issues, many companies have fairly long processes required to validate and implement these changes, as well as specific change windows these can be completed in. This can push implementation of patches out quite a while and sometimes C level management does not understand WHY it’s critical to push one forward in the system.

I don’t want to absolve the IT guys of blame here. There are myriad clear issues in security in these organizations, my point is just that “should have installed that patch” is easy to say, but not necessarily easy to implement.

2. I see a lot of comments about “should have run a Mac” or “Linux”. That’s silly. Mac hasn’t had anything this bad in quite a while (and is a smaller attach surface in general) but it’s not absolved from risk and that attitude makes it intrinsically risky because people have less fear when using it. There are also limits to what software can be run on it. Linux can be incredibly secure, but remember that the IoT botnets attacking people are almost ALL running lightweight Linux installs. Linux is as secure as you make it, and most IT guys are not capable of making it any more secure than Windows. In fact, I’d argue that most of them that try to use Linux without proper understanding are probably leaving it LESS secure than a fully updated Windows machine. Again, it’s just not that easy and most IT guys, whatever they may believe, do not understand security and how it factors into the big picture nearly as well as they think they do.

Sorry for the ridiculously long post, just something that I felt I should comment on as I have a touch of experience in the realm.