Ransomware has already managed to carve itself a slot as one of the main cyber security threats in recent years. Individuals, government agencies, and private organizations are each taking precautionary steps to protect against ransomware that can encrypt files beyond one’s reach.
What we’re ignoring, though, is the next wave of ransomware attacks, which will target not our files but our IoT devices. These attacks can be more dangerous and damaging, given the different nature of IoT security.
IoT ransomware has been mentioned and discussed on a few occasions, including at the recent RSA Conference 2017, but it has not been given serious consideration because it is being examined in the same light as the more traditional breed of ransomware.
Here’s what makes IoT ransomware a different and possibly more dangerous threat.
IoT ransomware is not just holding your data hostage
Famous brands of ransomware such as Cryptolocker and CTB Locker are designed to find and encrypt valuable files on targeted machines. Apart from their strong ability to remain untraceable, their main strength is their irreversibility, i.e. it’s impossible to change back or retrieve the files that are encrypted by this ransomware. Victims have no other choice than to pay the ransom if they want to regain access to their files (unless they’ve taken precautionary measures, of course). So, the common opinion is that files and sensitive data have financial value, and as long as they exist, ransomware will play its role.
So, the general idea is that IoT devices have nothing to do with storing data, logically making them irrelevant to such ransomware attacks, right?
No way! We are completely wrong.
Traditional ransomware affects computers and locks user files, but IoT ransomware can control systems in the real world, beyond just the computer. Nowadays there are many practical applications of IoT technology. Ransomware can shut down a vehicle while it is running (denying service until the ransom is paid), deny service to a critical IoT device, or even take complete control of production lines and stop them. This potential to cause far more damage means that hackers can demand much more ransom, which would ultimately make this an appealing market for hackers to explore.
Some argue that in most cases IoT hacks can be easily reversed with a simple device reset. However, the incentive to pay for IoT ransomware will not stem from irreversibility but rather from the timeliness of the attack, the criticality of the devices, and the potential losses from losing access to them for any amount of time.
In fact, with IoT increasingly powering critical devices such as drug infusion pumps and pacemakers and industrial systems such as power grids and water pumping stations, the financial value of locking down IoT ecosystems and the damage resulting from not unlocking them in time will rise exponentially.
Holding data for ransom is one thing, but shutting down the electricity grid, cars, or traffic lights at a critical time is quite another. Entire cities or regions could be impacted.
Most concerning is the threat against organizations that rely on IoT devices for Industrial Control Systems (ICS). This includes the electric grid, hospitals, and large-scale automated manufacturing operations, among others.
There will be a lot of big players affected by such ransomware attacks. Industrial IoT and consumer IoT, such as household devices, will also be affected.
A detailed discussion of the impact of these attacks will be published in the next edition of this blog. It will also cover the possible prevention methods to create a secure environment. The next installment will be released shortly.