Emerging Threat: How IoT Ransomware Turns Devices Against Us

IoT ransomware attacks targeting home users can be considered more dangerous than traditional ransomware attacks, say cybersecurity experts.

Little evil robot standing on a locked internet sphere, man looking at him frustrated.
Created by Kornelija Poderskytė from DailyCoin

You wave your loved ones goodbye when they turn on the car engine and leave the house for work or school. The routine is like any other day, but then you receive a threatening message.

The anonymous sender informs you that control of your family’s vehicle has been intercepted, that the steering wheel and brakes are in the hands of the hacker, and that you have 20 minutes to pay thousands in crypto as ransom if you want to see them back alive.

This sounds like a scene from a horror movie, but it is closer to reality than you think. With nearly a quarter of the devices around us being Internet of Things (IoT) devices and having cybersecurity issues, it is no longer just a theory that they can be exploited and turned against their owners.

“IoT ransomware attacks targeting home users can be considered more dangerous than traditional ransomware attacks for several reasons,” warns Zoltán Balázs, the Head of Vulnerability Research Lab at Cujo AI, a cybersecurity company.

IoT Devices Are High-Risk Targets

The Internet of Things is a vast and rapidly growing landscape, encompassing billions of smart devices connected with each other. Last year alone, their number jumped by 18 percent and is expected to increase another 16 percent by the end of 2023, reaching 16.7 billion smart devices globally.

Nearly one-third of our household network consists of IoT devices – like smart home appliances, routers, security cameras, and smart TVs. They enhance daily life by making it more convenient and automated.

However, because of their poor security measures and vulnerabilities, IoT devices are high-risk targets of hackers. 

Currently, many smart devices come with weak security features or do not have them at all. Vast numbers are protected only by default passwords, have limited resources, lack encryption, and do not receive regular firmware updates.

“Many IoT devices are not regularly updated – neither by the vendors nor the end users, meaning they often run outdated firmware that could have known vulnerabilities,” says Balázs.

IoT software vulnerabilities, like command injections and memory corruptions, play a significant role in IoT exploits. They are one of the critical risks together with employing default or weak passwords and exposing management services online, notes Daniel dos Santos, Head of Security Research at Forescout cybersecurity firm.  

“Both types of vulnerabilities allow attackers to take full control of a device and use it for malicious purposes.” 

One Compromised Device Takes Down a Whole IoT Network

To understand how smart devices can be exploited, it is essential to know that they operate through Wi-Fi, Bluetooth, or wired communication and are connected, most often through the router, which acts as their gateway to the internet. 

This means all smart devices, trackers, and sensors create an IoT network that can collect data and transmit it to the cloud or another device, where the information is processed and analyzed to detect patterns, extract insights, and make data-driven autonomous decisions. 

Hackers frequently use brute force attacks against IoT devices to guess passwords, execute harmful commands or inject malicious code into the device to get access to it. 

Once any gadget is compromised, the malware spreads from one device to another, infecting the whole network and allowing attackers to control it. The whole IoT network can then carry out a range of malicious activities. 

Specific IoT Devices Targeted

The primary functionality of IoT malware has often been to form botnets for launching Distributed Denial of Service (DDoS) attacks, mine cryptocurrencies such as Monero, or sell access to other threat actors that may use infected IoT devices as proxies for further attacks, agree cybersecurity experts.

Recall the largest Mirai botnet attack in 2016, when over 600,000 compromised IoT devices took down internet services in the US through a massive DDoS attack.

Yet despite those prevalent threats, ransomware attacks against IoT devices are increasing. Moreover, hackers usually target specific types of IoT devices.

“Ransomware campaigns against IoT devices have been gaining a lot of momentum. The most common IoT targets nowadays are Network Attached Storage (NAS) devices,” notes Forescout’s Daniel dos Santos. 

NAS devices are easily available portable data storage devices, often used by households and small or medium businesses. Acting as a local centralized cloud, they allow multiple other IoT devices to access and store data.

However, being less secure than traditional computing devices, they are the primary targets for criminal actors. Thousands of NAS devices are locked by ransomware in real-time.

Report on ransomware.
Source: Shodan.io 

“Another target for ransomware is Android-based Smart TVs, where the infection vector is usually a malicious app. In these cases, the ransomware type is a screen locker, making the device non-functional,” highlights Zoltán Balázs. 

According to him, the lack of backups and the greater difficulty of remediation make IoT ransomware attacks more dangerous than those against traditional computers, where backups are more commonly implemented.

“IoT devices lack the interfaces or tools needed for users to resolve a ransomware attack themselves. This means victims may have to replace the device entirely or require professional help to recover from an attack,” states the cybersecurity expert.

Ransomware Surges, Turns an Eye on Households 

Amid the continuously evolving landscape of cyber threats, ransomware attacks are rising for the second consecutive year.

During the first six months of 2023, ransomware payments approached $450 million, marking the second-biggest year in a row, stated blockchain intelligence firm Chainalysis in its mid-year crypto crime report.

Analytics highlighted that ransomware was the sole crypto-based crime category that increased during 2023, while inflows from other illicit activities dropped by 65%.

Although ransom payments from large-scale wealthy organizations largely influence the statistics, Chainalysis also reported a rise in small-scale ransomware attacks. Their payments for unlocking encrypted data vary from $275 to $563, depending on the ransomware version.

Source: Chainalysis

Cybersecurity firm BitDefender accordingly pointed out the growing tendency of ransomware attacks against smart home networks. 

According to its 2023 findings, an average household in the United States and Europe faces approximately eight attacks against smart devices every 24 hours.

Smartphones accounted for over 40 percent of all targets and were among the smart home’s most vulnerable IoT devices. Computers and streaming devices shared much lower rates, 16.2% and 14.6%, respectively.

Only a year ago, cyberattacks predominantly targeted smart TVs (52%), followed by smart plugs (13%) and routers (9%). Despite that, IoT devices are among the most vulnerable equipment in the world, says BitDefender.

“A ransomware attack could start from an exposed IoT device such as an IP camera or NAS, move to encrypt the IT workstations on the network, and finally crash critical devices such as programmable logic controllers. This shows that more advanced capabilities are already in the hands of attackers,” explains Daniel dos Santos.

Are We Prepared for IoT Ransomware Attacks? 

Cybersecurity experts agree that IoT ransomware is a significant and evolving threat. The question is, how well are we prepared to protect against it?

Many IoT devices are still being built with limited systems and often run on firmware, which does not receive regular security updates. Besides that, we rarely bother updating the software of our routers, TVs, or security cameras. The lack of awareness about security risks associated with our IoT devices still works in favor of hackers.

Then there are regulatory issues. The rapid growth of IoT technology has outpaced regulatory frameworks, making it challenging to enforce security standards and ensure proper compliance for years.

The good news is that the situation is finally changing. Last week the US government announced the “US Cyber Trust Mark” program, which will certify and label secure IoT devices.

Simultaneously, EU member states agreed on the Cyber Resilience Act and their common position on security requirements for digital products, including IoT devices.

However, with the fast-paced evolution of Artificial Intelligence (AI), it is only a matter of time before threat actors start running advanced AI-powered ransomware versions. This will mean more automated ransomware processes and broader cyber attack possibilities against a more extensive range of targets, warn cybersecurity experts. 

According to them, AI will automate processes, making ransomware attacks extremely fast, customized, and scalable.

“Attackers can target AI/ML (Machine Learning) models by injecting malicious data or noise. There are even malicious versions of large language models being advertised by cybercriminals on the dark web,” says Forescout’s Head of Security Research.

In such a landscape of threats, the scale of challenges may appear to outweigh our safeguarding methods. But are we truly defenseless?  

How Can We Protect Ourselves?

Even though hackers tend to copycat successful ransomware attacks on IoT devices, cybersecurity experts assure that their targets have measures available to enhance their cyber safety.

Zoltán Balázs, Head of Vulnerability Research Lab at Cujo AI, first and foremost advises paying special attention to routers and disabling Universal Plug and Play (UPnP) service.

“Universal Plug and Play (UPnP) can make devices more susceptible to attacks by automatically opening ports and allowing devices to connect to each other without authentication. By disabling UPnP, users can significantly reduce the attack surface of their network.”

Individuals and small businesses should regularly update their IoT devices, routers, firewalls, and any other network device, as updates often include patches for security vulnerabilities and reduce the risk of attacks. 

It would be wise to pay attention to the manufacturer’s reputation in patching policy and choose only trusted vendors with responsive security teams.  

People should also pay attention to the expiry date of their smart devices and replace them on time, as vendors stop supporting devices with vital security updates after they reach end-of-life. 

Finally, users should adopt strong and unique passwords. “Many IoT devices come with default passwords that are easily guessable or widely known. Always change default passwords and use strong, unique passwords for each device.”


Simona Ram

Simona Ram is a senior journalist at DailyCoin, based in Lithuania, who covers the forces and people shaping the Web3 industry and the areas where decentralized crypto assets meet the centralized world. She has experience in business communication within the financial sphere and has a degree in Foreign Languages, which helps her interact effectively with sources from diverse backgrounds. In her free time, Simona enjoys exploring new cultures.