The prevalence of ransomware grew by more than 50% in the past year, according to Carbon Black's 2016 Threat Report.
Ransomware was considered a $24 million crime in 2015, a figure that jumped to $850 million in 2016, according to the report.
It's clear that ransomware is here to stay, at least for now, but what will it evolve into in the future?
In a new research paper, Stephen Cobb, Senior Security Researcher at ESET, explains:
"One of the trends that I found most worrying in 2016 was the willingness of some humans to participate in the following three activities at scale: hold computer systems and data files hostage (ransomware); deny access to data and systems (Distributed Denial of Service or DDoS); infect some of the things that make up the Internet of Things (IoT). Sadly, I think these trends will continue in 2017 and there is potential for cross-pollination as they evolve."
With the sheer volume of ransomware attacks and breaches of IoT devices, the creation of a new hybrid crime model, or Ransomware of Things (RoT), isn't that far off.
All a hacker would have to do is to hack into someone's cell phone, smart car, or connected home and demand a ransom to unfreeze usage.
“While traditional ransomware affects your computer and locks your files, IoT ransomware has the opportunity to control systems in the real world, beyond just the computer,” Neil Cawse, CEO at Geotab, tells TechCrunch. “In fact, due to the many practical applications of IoT technology, its ransomware can shut down vehicles, turn off power, or even stop production lines. This potential to cause far more damage means that the potential for hackers can charge much more, ultimately making it an appealing market for them to explore.”
The number of connected devices keeps growing, and with it the attack surface available to cyber criminals. According to a white paper from the Online Trust Alliance (OTA), five million new IoT devices are being connected every day, and by 2020 the total is expected to reach 20.8 billion.
So what is to be done to prevent RoT from spiraling out of control, should it gain traction in 2017?
The U.S. Department of Human Services outlines six steps in securing IoT devices, including "incorporating security at the design phase," "building on proven security practices," and promoting transparency.
Furthermore, do not pay the ransom. Instead, check out free tools like the No More Ransom! project to see if a decryption key already exists.