Renault-Nissan resumes nearly all production after cyber attack

PARIS/TOKYO (Reuters) - Renault-Nissan RENA.PA7201.T said on Monday that output had returned to normal at nearly all its plants, after a global cyber attack caused widespread disruption including stoppages at several of the auto alliance's sites.

A Renault logo covered with mud and dust is seen on a car in Paris, France, March 15, 2017. REUTERS/Gonzalo Fuentes

Renault and its Japanese partner are the only major car manufacturers so far to have reported production problems resulting from Friday’s WannaCry ransomware worm attack that spread to more than 150 countries.

Nissan said its huge factory in Sunderland, northeast England was operating normally, after Friday’s initial outbreak disrupted the final production shift before the weekend.

However, manufacturing remained suspended at the Douai plant in northern France, where Renault builds pricier models including its Talisman sedan and Espace crossover, the company said.

The cyber attack halted or reduced the output of at least five Renault sites over the weekend. Besides Douai, they included a van plant in Sandouville, France; a small-car plant in Slovenia; the no-frills Dacia plant in Pitesti, Romania; and a factory shared with Nissan in Chennai, India.

“All Renault Group sites are operational with the exception of Douai, which reopens tomorrow,” a spokesman said. Lost production will be made up, he added, and the financial impact has yet to be calculated.

Renault-Nissan's main rivals appeared to escape any disruption. PSA Group PEUP.PA, Fiat Chrysler FCHA.MI, Volkswagen VOWG_p.DE, Daimler DAIGn.DE, Toyota 7203.T and Honda 7267.T all said their plants were unaffected.

They declined to comment on their cybersecurity policies. “If we give any information on our systems we would be sending a message to potential hackers,” a PSA spokesman said.

The attack damaged some high-profile targets, including Britain’s health service. But experts say the concentration of infections in emerging markets, with relatively low numbers in Europe and the United States, reflects the way they mainly affected older Windows computer systems.

Paul Pratley of London-based MWR Infosecurity said WannaCry had in many cases hit budget-strapped organizations or older business units where it no longer made economic sense to upgrade hardware or software aggressively.

“This primarily affected organizations using versions of Windows which are no longer supported, or which had not put mitigating controls like firewalls in place,” he said.

Renault declined to say whether it saw any pattern of outages linked to geography, software generations or other factors. “There is a diversity of operating systems in use” at group facilities, the spokesman said.

The stoppages were deliberate and preventive, Renault said, as sites reporting infections were unplugged from the network to prevent their spread. A Renault parts plant in Le Mans, France, which continued operating over the weekend without incident, has recently undergone refurbishment.

Reporting by Laurence Frost and Naomi Tajitsu; Additional reporting by Eric Auchard in Frankfurt, Gilles Guillaume in Paris and Costas Pitas in London; Editing by Susan Fenton