Why do all hackers want it? Ransomware of Things (RoT), new cyber weapon

According to a report submitted by data security training specialists, one of the fastest growing cybercriminal trends over the past year is the use of extortion in cyberattacks, as they present a high degree of success. Researchers claim that at least 8% of companies worldwide are victims of similar attack variants.

One of the factors that have contributed most to the increase in these attacks is the massive use of Internet of Things (IoT) devices, as on multiple occasions experts have pointed out the severe security flaws present in these devices.

Recently data security training specialists detected a new variant of attack against IoT devices. Known as Ransomware of Things (RoT), this variant could compromise all connected devices and services in an organization.

The ability to connect to a global network not only brings benefits, but also creates cybersecurity risks. IoT technology contains hundreds of security flaws that represent for threat actors the ideal opportunity to attack. This is why more than 25% of recently detected cyberattacks target IoT devices, as many operate with outdated software and exposed to exploiting dozens of vulnerabilities.

According to information system audit specialists, RoT attacks are similar to any traditional ransomware attack, as the goal is for the victim to pay cybercriminals to regain access to their compromised resources. The difference is that, in a RoT attack, hackers take control of the devices completely, taking them hostage thanks to a variant of malware known as “jackware“, a virus capable of monitoring internet-connected devices, even if they are inactive.

For example, cybercriminals can control all kinds of appliances and devices connected to the Internet. Threat actors can take control of basic home services (electric power, water supply, internet, among others), forcing victims to pay a ransom in exchange for regaining control of their smart home environment.

The worst part is that not only home IoT devices can be targeted by this attack. Thousands of business environments using insecure connected devices are also exposed, not to mention the large number of traffic lights, traffic signs, and even cars running on an Internet connection. In the worst case, the physical integrity of drivers could be compromised until a ransom is paid to cybercriminals.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.