…and it’s more cost-effective than paying the ransom
Ransomware attacks are on the rise. Due to relatively low execution costs, high rates of return, and minimal risk of discovery (compared to other forms of malware), ransomware has quickly become a preferred method of attack for cybercriminals.
This fact is backed up by recent data from Atlas VPN who states that the amount of demanded ransom payments increased by 140 percent from 2018 to 2019. What’s even more troubling is that of those attacked, 57 percent of organizations settled and paid the ransom during the last 12 months.
Although the most common source of ransomware infection remains an organization’s computer systems, IoT devices are also vulnerable as the infection can spread quite quickly across the organization, especially when the network is not properly segmented. Later in this blog post, we will examine a real-world example within a large hospital system in Europe and what they did when they discovered that their ultrasound devices were infected with WannaCry.
With IoT, ransomware can have devastating effects. In addition to impacting the data within the devices, ransomware can render the physical functions of that device inaccessible until the ransom is paid.
WannaCry – the most infamous form of ransomware – and it’s not over yet!
Of all the types of ransomware out there, the one people are most familiar with is WannaCry. According to Wikipedia, WannaCry is estimated to have affected more than 200,000 computers across 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
Although WannaCry was first detected in May of 2017, according to Safety Detectives, three years later, in 2020, it still represents nearly half of all reported ransomware incidents in the US alone.
Some important facts related to WannaCry:
If you have been a victim of a ransomware attack in the past, it is important to pay attention to any unattended devices.For example, hospitals and other organizations, who have had their computer systems impacted by the multiple rounds of WannaCry outbreaks, need to confirm that any medical devices (especially those running old versions of MS Windows Operating Systems) haven’t also been infected.
Real-world scenario of medical device infection with WannaCry and the innovative solution found.
In 2019, a European hospital system had a serious WannaCry infection in their network. Unfortunately, some medical imaging (or DICOM) devices were also affected since they were running old versions of MS Windows operating system. These devices couldn’t be patched without breaking the device manufacturer’s warranty and, due to the expense of these devices, couldn’t easily be replaced.
This European hospital system decided to do a Proof of Concept with Extreme’s Defender for IoT. Defender for IoT provides in-line protection and segmentation of vulnerable devices. The hospital wanted to see if it might be able to help solve its suspected malware/ ransomware issue.
Step 1: Confirm the existence of the infection on the imaging machines. The hospital selected one of the suspicious DICOM devices, specifically an ultrasound in the maternity section of the hospital. The danger with this device being infected is that some of the images and reports could be stolen and held for ransom, or worse, the device could be taken control of and rendered unusable.
Step 2: Confirm the ultrasound device could function safely while being infected with Defender for IoT. Since the ultrasound device cannot be patched or upgraded, the infection will remain. However, by using Defender for IoT, the infection can be contained within the ultrasound device preventing propagation through the network.
What the hospital did:
In short, using Defender for IoT, this hospital system can continue to use its infected medical devices without worrying about another reinfection of their broader network and without worrying about data corruption or loss of the ultrasound images and files. Through the combination of applying security profiles and segmenting the devices, Defender for IoT ensured that this hospital could continue to leverage its asset safely and securely.
New ransomware designed specifically to attack IoT devices?
Cybersecurity experts all agree that ransomware attacks are only going to accelerate and could represent an increased threat to IoT devices in 2020 and beyond. The recent headline making cyber-attack at Honda illustrates this alarming trend. Why?
Although more information still needs to be gathered on this very high-profile breach as well as this newer form of ransomware, companies that run Industrial Control Systems need to review existing security practices and even perform risk assessments to see where vulnerabilities might exist. Particularly where some IT/OT convergence has taken place. Helpful guidance can be found from the US Cybersecurity and Infrastructure Security Agency in their document titled Improving Industrial Control System Cybersecurity with Defense-in-Depth Strategies.
In addition to protecting your computer systems and company data from the threat of a ransomware attack, it is also critical to review and update your current IoT security practices, especially for mission-critical endpoints such as medical devices and industrial control systems.
Defender for IoT can be an important component of a multi-layer defense strategy for unattended endpoints. And like the example shown with the European hospital system, it also be used to contain ransomware, malware, and viruses within high-value, infected devices that cannot be patched so that they can continue to be used safely and securely.
For more information: