Ransomware has long-since earned its reputation as one of the more prolific cyber security plights burdening hospitals. Recently, it extended its reach into utilities, infecting one organization in Michigan and subsequently knocking several important systems offline. Not to mention, it's been causing problems for individual users for years now.
The reason ransomware has been so effective is twofold. Firstly, it spreads through conniving social engineering tactics such as phishing, making it difficult to identify until it's already been executed. Secondly, once ransomware strikes, there isn't a mitigation tactic that will actually work. Users will have to restore a backup – assuming they have one and it's actually air-gapped from the infected systems – say goodbye to their files or pay the ransom. Often, victims will have no choice other than the latter option, which is why hackers continue to employ encryption malware successfully.
More importantly, thanks to the expansion of the Internet of Things, the number of devices that may be susceptible to ransomware is rapidly increasing. If nothing else, this is only giving cyber attackers more targets to aim for. And as one recent strain of ransomware that can infect smart televisions shows, they've already begun firing away.
FLocker: What it is and how it works
In June, Trend Micro researchers reported on a strain of malware called Frantic Locker, more commonly known as FLocker. The ransomware, which targets Android smartphones, was first discovered in May 2015, researches have since identified 7,000 variants of the malicious bug.
"Its author kept rewriting the malware to avoid detection and improve its routine," the researchers wrote. "Over the past few months, we have seen spikes and drops in the number of iterations released. The latest spike came in mid-April with over 1,200 variants."
The most recent versions of FLocker has the ability to not only infect the mobile Android devices, but also Android TV. Upon infection, the malware will wait for 30 minutes before requesting admin privileges. Trend Micro noted that this could a trick meant to bypass sandboxes that might otherwise detect the threat. At this point, if the user denies this access, it locks up the screen. It will then begin encrypting data. Next, it will display a message from the "U.S. Cyber Police," (note that there is n such entity in existence) or some other type of law enforcement agency, accusing the victim of being guilty of some sort of criminal activity. It will also demand $200 in the form of iTunes gift cards in exchange for the unlocking of the screen.
Ransomware won't stop at TVs
To be clear, this is not the first time that ransomware has targeted smart TVs. Nor is it the first time that IoT devices have been targeted. In 2015, The Hacker News reported on several strains of ransomware that can impact IoT devices.
However, FLocker serves as an alarming reminder for what we all know and hate to talk about, which is that the IoT may very well be the next big target for ransomware. In this case, we witness smart TVs being locked down. Previously, we saw smartwatches having data encrypted. Sure, these incidents are extremely inconvenient, but imagine if it were a car that got infected.
According to ZDNet contributor Danny Palmer, hackers wouldn't necessarily lock up the steering and run the car into a ditch, but they might lock the vehicle from starting or using certain functions until a ransom is paid. Given that a motorized vehicle is probably worth a lot more to a person than a watch or a television, and that it might get locked down at an extremely inconvenient time, hackers could hypothetically get away with demanding a more significant ransom than they could with a less integral device.
Will it go for medical equipment?
But that's not even the worst of it, according to Palmer. The scarier threat is the idea of ransomware infecting medical equipment. We've already witnessed how much hackers love to go for hospitals with ransomware. According to Becker's Health IT & CIO Review, hospitals are the target for nearly 90 percent of all ransomware attacks. Imagine if the ransomware that impacted Hollywood Presbyterian Medical Center back in February also infected critical medical equipment. The facility paid $17,000 to get its systems back online, and at the time, no patient lives were in jeopardy. Imagine what they might have been willing to pay if someone's health had been in danger.
Furthermore, Palmer noted that many pacemakers and insulin pumps are internet or Bluetooth-enabled, meaning it's not just health institutions that are risk, but also individual users of wireless health care technology. Add in the fact that many IoT devices have little to no endpoint security in place, the severity of the situation appears even more daunting.
Thus, the takeaway here is fairly self-explanatory: FLocker's ability to affect smart TVs is alarming, but it may only be just the beginning of ransomware's foray into the IoT. The potential of what's to come is far more frightening that what we've already witnessed. Let's hope we're prepared.