All 14 Toyota Motor plants nationwide suspended operations on March 1 following a cyberattack against one of the company’s parts suppliers. The Yomiuri Shimbun has learned that the hacker group known as “Robin Hood” was involved in the attack.
The “ransomware” virus used by the hacker group was one that had never been detected in Japan before. Since it was unknown how the virus would act and it took time to investigate the damage caused by the attack, Toyota was forced to go forward with a large-scale shutdown.
Kojima Industries Corporation (Toyota City, Aichi Prefecture), an automobile parts manufacturer, discovered the cyberattack on Feb. 26. The company’s order and supply system was shut down, and parts production was rendered inoperable. Toyota tried to help its supplier recover from the attack, knowing that, if it were unable to receive parts, all Toyota plants would have to be shut down.
According to Toyota officials, systems hit by a cyberattack are restored based on information on similar viruses used in past cyberattacks. Because there was no information on damage caused by the Robin Hood virus, however, it was not known how the virus would act.
Toyota decided it necessary to carefully examine its cyber-response measures with security experts and abandoned the idea of restoring operations on March 1. As a result, all Toyota plants were shut down for the first time ever, and production of approximately 13,000 vehicles was halted.
After the safety of Kojima’s system was confirmed, all Toyota plants resumed operations on March 2. (Abridged)