With WannaCry dominating news headlines for a week, the world got a taste of what the future of ransomware may look like. Unfortunately, the future is most certainly not bright. Creators of ransomware are highly organized groups that on paper resemble companies in terms of structure and professionalism. The sole aim of such malware is to generate profit, and these organized crime groups know their market incredibly well. Once your files have been encrypted after infection, the ransom note details how to buy Bitcoin or other cryptocurrencies and how to pay the ransom in order to have the files decrypted. The amount demanded is carefully considered, normally amounting to a few hundred dollars. So while the situation is infuriating, many victims decide to pay and hope it will not happen again.
Ransomware is not a new phenomenon. However, cyber-criminals are now using exploits developed by state security agencies, making the threat posed by future ransomware attacks far more devastating. WannaCry is an excellent example of this: the ransomware itself was described by experts as strictly “amateur hour”, yet once combined with the recently dumped NSA tools EternalBlue and DoublePulsar it infected over 200,000 computers in over 150 countries. Another dump of similar-grade hacking tools will result in another ransomware campaign.
This in itself is perturbing, but the horror story does not end there.
Internet of Things Vulnerabilities
The much-famed rise of the Internet of Things, or appliances which connect to the internet for your ultimate convenience, can also be hit by ransomware. Essentially, you could be locked out of using your household’s thermostat unless a ransom is paid; the same goes for smart TVs, or even your house if its locking system is connected to the internet. This will be extremely vexing to consumers and to experts in the information security sector alike. Unlike computers with advanced operating systems that can be patched, internet-connected appliances do not have dedicated teams creating patches in case an attack were to happen. Also, unlike computers, appliances are intended to be used for a much longer period, ten years in some cases, and manufacturers do not have the facilities or even the budgets to run dedicated teams to prevent attacks, particularly when they are producing numerous models of different appliances. The case of driverless cars and cars connected to the internet is also worrying. They too are susceptible to attack, and one day someone may attempt to start their car and find a message saying the engine has been disabled and a ransom is required for it to start. The idea of a hacked taxi service that requires you to pay a further fee to be taken to your destination is not outside the realms of possibility.
Ransomware is traditionally seen to target private individuals with the overall aim of extorting relatively small sums of money. As was seen with the WannaCry attack, it is not only individuals but also organizations that can be attacked. The British National Health Service was affected, as were Nissan manufacturing plants, both running Windows XP, which Microsoft no longer supported. What is worrying is that government services can likewise be attacked. A town’s water supply or traffic lights, connected to the internet for ease of access, may suddenly be vulnerable, and service may be interrupted for the financial benefit of an organized syndicate.
Combatting this Scourge
While it is still advised to make sure that computers and networks are always kept up to date with patches and that backups are made regularly, this cannot protect appliances from attack, as they are regarded as unpatchable. Patching and backing up systems is essential and will prevent many of today’s ransomware campaigns from infecting your computer, but a fully managed SIEM (Security Information and Event Management) solution can provide the best defense against such attacks and similar ones. Through the constant monitoring of networks and devices, such solutions can and will detect activity outside the normal scope of the relevant environment. It is only through constant monitoring and the application of relevant correlation rules that similar attacks can be prevented.
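As an added illustration of the kind of correlation rule described above (example code written for this page, not part of any SIEM product), the script below flags a host that suddenly contacts many distinct internal machines on TCP port 445, the SMB port through which WannaCry’s worm component spread. The log format, addresses, window and threshold are all assumptions chosen for the example.

```python
# Added example: a minimal SIEM-style correlation rule over constructed
# connection logs. It flags any source that reaches an unusual number of
# distinct internal hosts on TCP 445 (SMB) within a short sliding window,
# the fan-out pattern a worm like WannaCry produces while scanning a LAN.
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines: "timestamp src_ip dst_ip dst_port" (firewall/netflow style).
# 10.0.1.15 and 10.0.1.22 are normal clients using one file server; 10.0.1.40
# is the infected host sweeping the subnet.
SAMPLE_LOG = """\
2017-05-12T10:00:00 10.0.1.15 10.0.1.5 445
2017-05-12T10:00:30 10.0.1.15 10.0.1.5 445
2017-05-12T10:01:00 10.0.1.22 10.0.1.5 445
2017-05-12T10:02:00 10.0.1.15 10.0.1.5 445
2017-05-12T10:05:00 10.0.1.40 10.0.1.1 445
2017-05-12T10:05:01 10.0.1.40 10.0.1.2 445
2017-05-12T10:05:02 10.0.1.40 10.0.1.3 445
2017-05-12T10:05:03 10.0.1.40 10.0.1.4 445
2017-05-12T10:05:04 10.0.1.40 10.0.1.6 445
2017-05-12T10:05:05 10.0.1.40 10.0.1.7 445
2017-05-12T10:05:06 10.0.1.40 10.0.1.8 80
2017-05-12T10:05:07 10.0.1.40 10.0.1.9 445
"""

def parse_line(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def detect_smb_fanout(log_text, threshold=5, window_seconds=60, port=445):
    """Return {src: max_distinct_dst} for every source that contacted more than
    `threshold` distinct hosts on `port` inside any `window_seconds` window."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # src -> deque of (ts, dst) still in the window
    alerts = {}
    for ts, src, dst, dport in events:
        if dport != port:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop events that fell out of the sliding window.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) > threshold:
            alerts[src] = max(alerts.get(src, 0), len(distinct))
    return alerts

if __name__ == "__main__":
    print(detect_smb_fanout(SAMPLE_LOG))  # {'10.0.1.40': 7}
```

Only the sweeping host is reported; the clients hitting a single file server stay under the threshold, which is what makes the rule a useful signal rather than noise.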