Ransomware continues to threaten anyone using a Windows, macOS, or Android device, and individuals and business owners alike are paying ransoms because they don’t adequately protect their systems. While anti-ransomware solutions are available for devices like laptops, PCs and mobile phones, other Internet of Things (IoT) devices remain at risk.
When the current wave of ransomware attacks began in 2015, security researchers started to talk about ransomware infecting connected cars, medical equipment, and wearable devices. Since then, those predictions have been proven possible – all of these connected technologies can be infected with ransomware.
Let’s take a look at each category to understand how these IoT devices are under threat.
Nowadays, both personal and commercial cars have at least some connectivity functionality. Many cars, for example, have head units based on Android, Linux or Windows systems – platforms that all face existing ransomware threats, which can easily be used to target these devices.
A lot of Android head units are manufactured in China and the OS is rooted at the factory. They are designed so you can easily customize the unit by installing Android software directly from Google Play or as an Android Package Kit (APK) file. In many ways, they are like Android tablets – giving you access to your Google account, cloud-based files, and the internet.
Unfortunately, that convenience and ability to customize come with an increased vulnerability to ransomware. Imagine browsing the web from your car’s head unit, when you visit an infected or malicious website. Ransomware could infect your system and spread to your smartphone and other devices – putting remote accounts, emails, messages, and all your files at risk.
Attacks could be even more traumatic, too. Researchers have already demonstrated that your car can be remotely tracked, controlled, and disabled. Imagine having your car taken over by criminals who drive you to an area where you can’t get help quickly.
In the best case, if nothing else happened, you would be inconvenienced and it would take a day to wipe your car’s system so you could drive it again. The worst case could have the cybercriminals locking you in your disabled car and contacting you over the head unit to demand a ransom – threatening to keep you locked in, or to crash you into a wall if you refused to pay. It may sound extreme, but it is completely possible.
For businesses, connected cargo trucks could be at risk. Any delay could cause big financial losses, so companies might be willing to pay more to unblock tracking information or make a truck operable again.
The list of potential scenarios is endless, but you get the idea: connectivity is useful and necessary, but can also deliver disastrous consequences if left unprotected.
Throughout the developed world, we are seeing more and more smart homes. You can remotely control all devices, manage your heat and electricity, and even lock or unlock your home. As we’ve explained above, however, such connectivity also invites in new threats.
It’s now possible for cybercriminals to track your activity, knowing when you go away. Through an infected home network, they can raise the temperature or turn on the oven or water remotely.
Would you pay a ransom to keep your house from burning down, or to avoid a huge electric bill?
It’s just a matter of time before the bad guys try to make money by launching such an attack.
Even if you don’t work in the medical field, you know that there are a lot of useful medical devices that are essential not only for diagnosing patients but keeping them alive as well. There are many recent cases of hospitals being hit by ransomware, wreaking havoc and threatening patients’ lives. If an attack targets MRI machines or life support devices directly, the stakes are much greater.
These IoT devices often run Linux or another common operating system, which, as we’ve discussed, can be easily infected by ransomware. Medical equipment is usually connected via Ethernet to a network, which means that if one device is attacked, a mass infection of the entire network is possible.
In such a situation, the potential loss of life is real. If an MRI scan is locked, for example, the hospital cannot process patients with severe traumas. The bad guys have the advantage here, so a hospital might naturally pay a large amount of money to quickly get their patient out of harm’s way.
In the last couple of years, there has been a lot of noise about wearable devices being the likely next target. The media even coined the term “ransomwear.” With Android and Apple Watch devices, this is technically possible. (Yes, even iOS devices are at risk.)
The lack of profitability seems to be holding this particular threat at bay for now, since cybercriminals would have a hard time extorting enough to make such attacks worthwhile.
In most cases, if your watch or other similar device becomes infected, you can reset it. You’ll probably just lose connectivity, a few apps, and some data. It’s a headache, but an easy fix. To convince people to pay, the bad guys could only ask for a small amount (maybe $5) to unblock it.
The question cybercriminals have to ask is: how many people do we have to infect before it becomes worthwhile to cover the malware development and distribution expenses? So far, their time is better spent infecting Windows machines, many of which are still not ready to defeat a ransomware attack ... but the time may come when wearables become a profitable target.
What You Can Do
At the beginning of 2017 we introduced Acronis Active Protection, the backup industry’s first and only anti-ransomware technology. Initially it covered Windows devices, while macOS X protection was added later in the year. Now we are working on Active Protection for Linux and have plans for mobile devices, too.
More good news: Acronis Active Protection is available as a software development kit (SDK), so it can be integrated into a variety of other IoT devices running the vulnerable operating systems we’ve mentioned. That is, IoT device manufacturers can add Acronis Active Protection to their own systems so they are protected from ransomware the moment they leave the factory. If this precaution is taken, consumers and businesses can rest assured that brand new devices come out of the box uninfected with ransomware. That means that you can keep your business (or car) running, and hospitals can focus on what they do: save lives.
While we are not yet facing all of the situations described above, it is important to anticipate challenges and prepare. After all, criminals are doing their due diligence to exploit new weaknesses. For now, Acronis makes it easy to protect desktops, laptops, and mobile devices ... but we’re getting ready for what’s to come, because stormy weather is clearly on the horizon.