IoT Ransomware: Growing Threat to Unmanaged Devices

IoT ransomware is a growing security threat. In its basic form, attackers will encrypt your files and demand money in exchange for the decryption key. Due to the small amount of data on IoT devices, some people believe IoT ransomware is not a risk. However, this is not true for two reasons:

  1. IoT devices can provide attackers with a back door into your network.
  2. Ransomware that threatens the device’s function can be even more dangerous.

One example is a variant known as siegeware, which targets smart buildings: attackers lock all doors and refuse to let anyone inside until the ransom is paid. IoT ransomware is a significant risk, especially for unmanaged IoT and connected devices, since admins are not actively monitoring them and have no visibility over what devices are connected to the network.

5 Causes of IoT Ransomware

1 - Outdated Operating Systems and Firmware

IoT devices tend to be somewhat forgotten, which means IT typically does not have them on the schedule for pushing updates. Any device with an outdated operating system is inherently more vulnerable than one kept up to date and patched. Device management systems can push firmware updates to all devices automatically, which is excellent for known devices. However, you can’t secure what you don’t know, making unmanaged IoT and unmanaged medical devices especially vulnerable to IoT ransomware.

2 - Lack of Patching Support

Even new devices can be vulnerable to zero-day exploits that need to be rapidly patched. On the same note, it can be hard to push patches to unmanaged devices. Medical device security can be a challenge since FDA regulations restrict updates and other software changes. Additionally, most IoT devices are not designed to run third-party security software. In some cases, the software is designed without support for dynamic patching at all. For example, many hospitals lease machines with restrictions on what the user can change or update, such as admin passwords or other default services. These restrictions can wreak havoc, including IoT ransomware attacks, as we saw in the 2017 WannaCry ransomware attack, which is still affecting just under half of healthcare organizations today.

3 - Lack of Reliable Authentication Mechanism

Another problem with many IoT devices is that they don’t have authentication mechanisms. No authentication means they can be spoofed easily and used to mass-disable devices, such as security cameras. Unmanaged devices don’t have any means to ensure trust, which forces the network to accept untrusted connections. Unknown devices on your network put your organization at significant risk for IoT ransomware.

4 - Default Passwords

Without proper management, many devices end up with their default passwords still set. Attackers can easily get ahold of these passwords and use them to access your networks and connected devices. Change default usernames and passwords as soon as possible, ideally before deployment, to avoid IoT ransomware.

5 - Ghost and Spoofed Devices

We mentioned the possibility of spoofing above, which is especially problematic for IoT networks that include a large number of connected devices. For example, a building that uses smart bulbs may have 100 or more “nodes” on the network. It’s easy for an attacker to slip in an additional one without anyone noticing and then use the spoofed device to access the network and take it over with malicious intent. The same can happen with HVAC and entry-control systems, which are common ghosts in the healthcare machine.
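The ghost-device problem described above comes down to comparing what is actually on the wire with what is supposed to be there. The following is an added example, not Securolytics code: it diffs a list of observed IP/MAC pairs against an approved inventory and flags unknown, duplicated and missing devices. The inventory layout, the "ip mac" input format, and all addresses and device names are constructed assumptions.

```python
"""Flag ghost, possibly spoofed, and missing devices against an approved inventory."""
from collections import defaultdict

# Constructed inventory keyed by MAC (hypothetical devices, documentation-range IPs).
INVENTORY = {
    "02:00:00:aa:00:01": {"name": "bulb-lobby-01", "ip": "192.0.2.11"},
    "02:00:00:aa:00:02": {"name": "bulb-lobby-02", "ip": "192.0.2.12"},
    "02:00:00:bb:00:01": {"name": "hvac-roof", "ip": "192.0.2.50"},
    "02:00:00:cc:00:01": {"name": "door-ctrl-east", "ip": "192.0.2.60"},
}

# Constructed observations in "ip mac" form, e.g. exported from an ARP table.
OBSERVED = """\
192.0.2.11 02:00:00:AA:00:01
192.0.2.12 02-00-00-aa-00-02
192.0.2.50 02:00:00:bb:00:01
192.0.2.77 02:00:00:aa:00:63
192.0.2.90 02:00:00:bb:00:01
"""

def parse_observations(text):
    """Return {mac: set(ips)}; normalizes MAC case/separators, skips malformed lines."""
    seen = defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        ip, mac = parts
        seen[mac.lower().replace("-", ":")].add(ip)
    return seen

def audit(inventory, observed_text):
    """Return a list of (finding, mac, ips) tuples."""
    seen = parse_observations(observed_text)
    findings = []
    for mac, ips in sorted(seen.items()):
        entry = inventory.get(mac)
        if entry is None:
            # MAC nobody approved: an extra node on the network.
            findings.append(("GHOST", mac, sorted(ips)))
        elif ips != {entry["ip"]}:
            # Known MAC at an unexpected or second address: possible clone.
            findings.append(("POSSIBLE_SPOOF", mac, sorted(ips)))
    for mac in sorted(set(inventory) - set(seen)):
        # Approved device that has gone silent (offline or displaced).
        findings.append(("MISSING", mac, []))
    return findings

if __name__ == "__main__":
    for kind, mac, ips in audit(INVENTORY, OBSERVED):
        print(f"{kind:15} {mac} {', '.join(ips)}")
```

A MAC address can be cloned, so a clean result here shows only that nothing unexpected was observed, not that every device is authentic.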

Using Securolytics to Stop IoT Ransomware

IoT ransomware can be harder to deal with than ransomware aimed at hard drives and storage devices. A first step in protecting your organization from IoT ransomware is knowing what devices are on your network.


Securolytics makes it easy to manage your IoT network with less time and less overhead – starting with the Securolytics IoT Mini, which is available free of charge for a limited time.


You can request your free IoT Mini here. Once you are approved and receive your device, it’s easy to get started:

  1. Connect the Securolytics IoT Mini to any network port. It takes <2 minutes!
  2. Within two days, you’ll get an automated report of all connected devices on your network, as well as IoT vulnerabilities (including OWASP IoT Top 10) and available patches.


You can test the results at home, with a virtual network, or directly on your corporate network with zero impact on performance, availability, or bandwidth.


To start profiling IoT devices on your network, request your Securolytics IoT Mini today.

Administrator
