RansomWare and Internet of Things: A New Security Nightmare

Internet of Things (IoT) has dramatically revolutionized different aspects of living over the past few years. IoT is a huge network of devices that are able to sense and hold sensitive information about their owner/surroundings. Research stands testimony to the fact that these tiny IoT devices have security flaws. Recent ransomware attacks like WannaCry and NotPetya have shattered the illusion that a back-up can protect an organizations digital data from being hacked. If huge organizations were forced to pay ransom, one can only imagine the situation when a single individual is involved. In other words, when the worlds of IoT and ransomware collide and cybercriminals begin to load IoT devices with the malware, a perfect storm of cyber security arms race will be created. IoT offers a huge extortion landscape for the attackers and a ransomware in it can be extremely dangerous for it can affect the entire range of security services i.e. integrity, confidentiality and availability which can result not only in monetary losses but also in sensitive information breach and life risks. This paper discusses both the customary as well as the recent IoT directed ransomwares, explains the methodologies that were taken, and identifies the lessons learnt after the attacks, what precautions should be taken and the possible solutions available.