Ransomware has already managed to carve itself a niche as one of the main cybersecurity threats of 2016. But what this article from TechCrunch painfully points out, many are ignoring the next wave of ransomware attacks, which will not target our files, but rather our IoT devices, which can be more dangerous and damaging, given the different nature of IoT security.
Ransomware is a malware program used by criminals to extort money from computer users, often resulting in valuable data being progressively removed until a ransom is paid. Users are cleverly duped into clicking on an infected pop-up advertisement, often from a bogus antivirus supplier, or by opening an infected zip file or website link. There has been a sharp increase in ransomware attacks across Europe recently.
Famous brands of ransomware such as Cryptowall and CTB-Locker are aimed at finding and locking valuable files on targeted machines. Aside from their anonymity, their main strength is their irreversibility — victims have no other choice than forking over the ransom money if they want to regain access to their files (unless they’ve taken precautionary measures, of course). Therefore, the general opinion is that files and sensitive data have financial value, and where they go, ransomware will follow.
For the most part, IoT devices store little or no data, which would logically make them financially irrelevant to ransomware attacks, right?
Wrong.
“While traditional ransomware affects your computer and locks your files, IoT ransomware has the opportunity to control systems in the real world, beyond just the computer,” says Neil Cawse, CEO at Geotab, a manufacturer of IoT and telematics for vehicles. “In fact, due to the many practical applications of IoT technology, its ransomware can shut down vehicles, turn off power, or even stop production lines. This potential to cause far more damage means that the potential for hackers can charge much more, ultimately making it an appealing market for them to explore.”
In fact, with IoT increasingly powering critical devices (such as drug infusion pumps and pacemakers) and industrial systems (such as power grids and water pumping stations), the financial value of locking down IoT ecosystems — and the damage resulting from not unlocking them in time — will rise exponentially.
“Holding data for ransom is one thing,” says Rob Conant, CEO at IoT and cloud platform provider Cirrent, “but shutting down the electricity grid, cars, or traffic lights is quite another. Entire cities or regions could be impacted.”
To read more, click here.
