From Internet of Things (IoT) to Ransomware of Things (RoT)
While IoT faces several challenges in the form of cyber fraud, one of the biggest challenges it faces is the likelihood of ransomware attacks. Unfortunately, we ignore the beginning of the next wave of ransomware attacks, which aim at the encryption of IoT devices. This is particularly dangerous given the ubiquitous and diverse nature of the Internet of Things. (8, 9)
Ransomware is a malicious type of software that restricts access to important information in such a way that it requires a payment before it gets access to it. Ransomware attacks are usually carried out with a Trojan, which is disguised as a legitimate file, which the user downloads or opens when it arrives as an email attachment. One of the best-known examples of this is the WannaCry worm, which wanders through the computer without user interaction. (4, 9)
Despite the fact that IoT devices have serious security weaknesses, it is premature to speak of looming ransomware threats to smart homes and connected cars. IoT ransomware can steal important data and personal information (for example, surveillance cameras connected to networks or fitness equipment) and blackmail people by threatening to publish their sensitive information online. (8)
We can conclude that the hackers benefit from attacks on consumer IoT devices is small. Every time a compromise is reached, hackers target a specific type of device, reducing the number of potential victims. (8)
Ransomware attacks are the number one threat to businesses and government agencies in 2020 due to data breaches. They account for 23 percent of all malicious software and malware used to breach systems and networks. Consider the serious and life-threatening effects that ransomware can have on smart devices and critical applications. (3, 5)
Organisations have been hit by ransomware attacks of unprecedented scale in 2017. Attacks on organisations have increased by 20 per cent on the previous year, and researchers expect the situation to get worse. A report claims that the average number of ransomware attacks in 2017 has increased by 23 percent compared to 2016, and the discoveries were 2,000 percent higher than 2015. (3, 5)
Malware targeting Internet of Things (IoT) devices rose to 20.2 million, 50 times more than last year. These include appliances such as fridges, baby cameras, doorbells and games consoles. The increasing use and usage of the IoT for personal reasons makes it an ideal destination for ransomware. (0, 10)
Some IoT systems are more outdated than other systems and not prepared for malicious attacks such as Internet malware and ransomware. While traditional Ransomware affects devices such as computers by locking files, IoT devices and Ransomware are able to control larger systems in the real world. (10)
The fact that IoT Ransomware was not paid enough attention, stems from the fact that it is perceived in the same light as traditional ransomware. It does not receive nearly enough attention and does not look at everything from the right perspective, leading to its underestimation and potentially catastrophic consequences, which can lead not only to financial losses but also to the loss of human lives. (1)
Ransomware has developed into a more sophisticated attack, since it has become more resilient, but at the same time it is also more accessible. Ransomware is growing with Internet users and IoT environments, which is a challenging problem for infosec due to the increasing attack area. (4)
This means that Ransomware attackers increasingly fall back on older forms of Ransomware, such as the one that locks your device for ransom, until you get back access to its functionality. These older forms are trivial to overcome by resetting your device and installing new patches and updates that are easy to perform on IoT devices and PCs. (1)
Ransomware attacks can affect production lines of IoT manufacturers, multiple locations and other internal operations. However, many say that most cases of IoT hacks can be reversed with a simple reset of the device. (2, 10)
The ransomware attack on the leading manufacturer of Internet of Things (IoT) Sierra Wireless this week has grounded its production activities and stopped or frozen various other internal operations. The attack occurred on March 20, forcing the company out of its IT systems and halting production at its production sites. Sierra Wireless manufactures a wide range of communication devices, from gateways and routers to mobile modem modules and intelligent connectivity solutions for IoT devices. (2)
The Internet of Things (IoT) refers to physical objects that are connected to each other and send data over the network. Things like smart refrigerators, thermostats, baby phones, and security systems are convenient, but also vulnerable to cyber attacks. (7)
IoT has launched a number of new networks of connected devices, but one of the potential entry points for malicious attacks is the lack of established security standards for the technology. For many companies, the uncertainty surrounding the backup of IoT devices is highlighted by Spiceworks State of the IT report, which shows that only 29 percent of organizations have adopted the IoT, with an additional 19 percent planning to do so this year. The data also shows that only 36 percent of IT professionals have confidence in their ability to respond to cyberattacks on IoT devices. (5)
WannaCry is a ransomware that was developed by the National Security Agency of the United States and released in 2017 by a cybercrime group called Shadow Brokers. It is one of the best-documented ransomware attacks of all time involving major media companies, leading politicians and famous actors. (3)
The real question will then be how to prevent a ransomware attack is successful. If someone is infected with a ransom message and does not want to see his computer, the message can show that the Ransomware infection was successful. At this point, there are steps that can be taken to respond to an active Ransomware infection, or an organization can make the decision to not pay the ransom. (3, 6)
How to mitigate an active Ransomware infection many successful Ransomware attacks are detected when the data encryption is finished and a ransom note is displayed on the infected computer screen. (6)
Cited Sources
Shein, E. (2020, July 23). Malware is down, but IoT and ransomware attacks are up. TechRepublic. https://www.techrepublic.com/article/malware-is-down-but-iot-and-ransomware-attacks-are-up/ (0)
Dickson. (2021). The IoT ransomware threat is more serious than you think. IoT Security Foundation. https://www.iotsecurityfoundation.org/the-iot-ransomware-threat-is-more-serious-than-you-think/1
O’Donnell, L. (2021, March 24). Ransomware Attack Foils IoT Giant Sierra Wireless. Threatpost. https://threatpost.com/ransomware-iot-sierra-wireless/165003/ 2
Levine, J. (2021, May 5). 7 things every CISO must know about ransomware. 2021–05–06 | Security Magazine. https://www.securitymagazine.com/articles/95140-things-every-ciso-must-know-about-ransomware 3
Wikipedia contributors. (2021, June 24). Ransomware. Wikipedia. https://en.wikipedia.org/wiki/Ransomware 4
Banfield, M. (2020, February 10). Internet of Things: Preventing The Next Wave of Ransomware Attacks. Compare the Cloud. https://www.comparethecloud.net/articles/iot-ransomware-attacks-threat/ 5
Check Point Software. (2021, May 21). Ransomware Attack — What is it and How Does it Work? https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/ 6
Prevent IoT Ransomware: Best Practices from the SecurityMetrics SOC. (2020). SecurityMetrics. https://www.securitymetrics.com/blog/prevent-iot-ransomware-best-practices-securitymetrics-soc 7
N. (2019, September 21). Ransomware and the Internet of Things. Cyber Defense Magazine. https://www.cyberdefensemagazine.com/ransomware-and-the-internet-of-things/ 8
Internet of things and ransomware: Evolution, mitigation and prevention. (2021, March 1).ScienceDirect.https://www.sciencedirect.com/science/article/pii/S1110866520301304 (9)
valeonetwork. (2020, October 17). How Ransomware Attackers Will Start Targeting Household Items, Like Your Smart TV. Valeo Networks. https://www.valeonetworks.com/how-ransomware-attackers-will-start-targeting-household-items-like-your-smart-tv/ (10)
