Technology / Ransomware criminals making millions – and the IoT is their next target

Ransomware criminals making millions – and the IoT is their next target

Ransomware - malware that encrypts users' files and demands payment for their return - has become a reliable business model for cyber criminals, and experts have warned that the growing number of Internet of Things devices will be their next big target.

The "exponential increase" in ransomware in recent years has been big business for cyber criminals, Intel Security's EMEA CTO Raj Samani explained at a recent roundtable. The author of Cryptowall, for example, was found to have $650 million (£490 million)  in their Bitcoin wallet - at least a third of which was earned through ransomware.

Victims in the United States pay ransoms 54 per cent of the time, he said, and UK victims 44 per cent. These relatively high payment rates mean cyber criminals can simply obtain email addresses - Samani demonstrated how 300,000 UK email addresses can be purchased on eBay for just £14 - send out their ransomware and wait for the payments.

"What is really interesting is that we have actually seen criminal organisations launching [businesslike email] campaigns," he said. "What was fascinating was that as certain emails had a decreasing clickthrough rate, they would launch new campaigns."

"I think it is really interesting that the risk has grown with Bitcoin, as well," said Emma Wright, a partner in commercial technology at Kemp Little, "because it allows the money not to be tracked.  And mobile devices, as well, because there is so much more opportunity."

But now the tactics are changing, Samani said, and hackers are "specifically going out and targeting organisations and businesses" with more focused ransomware campaigns. Specifically, the healthcare and education sectors are their "primary targets".

"The whole extortion angle is growing exponentially," he said.

And the problem is only set to get worse as ransomware moves to mobile devices and the Internet of Things (IoT), the panelists warned. It is only a matter of time before stories surface of malware that locks its victims’ connected cars and won’t let them start the engine and drive anywhere until they make a payment in Bitcoin.

“The reality is that we will be fully connected, fully online and we are moving towards that really quickly,” Samani said. “The challenge is to make consumers aware… The concept of today’s ransomware is to lock your data, but we are showing here that it is the device.”

Unfortunately, companies are keen to get new connected products to market as quickly as possible – often at the expense of security. When Intel identifies flaws in these devices, Samani said it gets varying responses when it notifies the manufacturers.

“We get a very mixed bag of responses from companies when we notify them of vulnerabilities,” he explained. In some cases the firms are very co-operative, but in others he gets “complete silence” and the flaws remain in the products, putting consumers at risk.

“There is a race for the newest, shiniest new systems and it is security that is being jeopardised,” Wright said of the rush to release new IoT-connected devices.

And although smartphones, tablets and the IoT are growing concerns, cyber criminals are also finding new ways to extort money from users through their computers.

While current ransomware variants are an annoyance, they can usually be mitigated without too much disruption if a business keeps backups. In future, however, Samani expects to see a rise in “dormant ransomware”, which sits in these files and makes them impossible to restore.

“They will manipulate and corrupt your backups, and then you will have no choice but to pay,” he said, although giving into cyber criminals’ demands is always a risky game and gives no guarantee that firms’ files will be returned.

The good news is that alliances are being formed to fight the threat and educate consumers. Intel itself partnered with Kaspersky Lab, Europol and the Dutch Police to launch No More Ransom – a site offering advice and decryption tools for those infected with ransomware.

On its first day, the site received 2.6 million requests. It now averages around 300,000 per day and attracts new visitors each time a new resource is uploaded.

“The site has been a huge success,” Samani said. “I think this is an important site and we are getting great traffic and every time we get a new [decryption tool] interest only grows.”



Get our latest features in your inbox

Join our community of business leaders