Back in June 2016, a botnet army comprised of 25,000 CCTV cameras crashed an online jeweler’s website. The notion that internet-connected cameras could be hijacked and used for DDoS was frightening, but not necessarily unique. Internet of Things DDoS attacks took place prior to and after the incident.
Another point of contention with internet-connected cameras was the idea of spying. Security surveillance systems and webcams, for instance, without proper authentication can be turned into vessels for espionage. Again, this is worrisome, but not novel.
Fast-forward to January 2017. President-elect Donald Trump only has a few days before becoming President Donald Trump, and officials in Washington, D.C. are preparing for the big event. Then it happens: Ransomware knocks 70 percent of the city’s CCTV cameras offline. The good news is that public safety was never in jeopardy as a result. The scary news, however, is that under a different set of circumstances, things could have been so much worse.
Disruption Like Never Before
When ransomware strikes, at worst, critical systems are rendered useless, causing immediate danger to people. At best, the systems are simply wiped and restored, and brought back online with little ado.
Of course, the best-case scenario is anything but ideal. Less than a week after the inauguration, the Cockrell Hill police department just outside of Dallas announced that it had been hit with a variant of Locky called Osiris. As a result, eight years of digital evidence was locked down. The department chose to wipe everything. While some of this evidence was backed up, “access to some videos and photographs” was lost forever.
Then there’s the worst-case scenario: A locked-down internet-connected system creates a scenario in which people could actually be at risk. The same week the police department intrusion was announced, yet a third incident came to light. This time a hotel in Austria was hit with ransomware, resulting in the activation of digital door locks. As a result, many guests were locked out of their rooms upon leaving. In this particular incident, the worst of the fallout was that some guests had to spend time in the lobby while they waited for the ransom to be paid. But had a small child been locked in a room, this would have been a very different story.
Going forward, we may very well see more attacks of this nature. Ransomware is evolving into the IoT.
Ransomware can lock down more than just your data.
IoT ransomware is a tough nut to crack. An air-gapped data backup might preclude the permanent loss of data, but if you’re running against the clock, re-imaging and then restoring a backup isn’t the most tactical approach. It will still precipitate downtime.
Reboot to restore software can bolster an organization’s preparedness for such situations. As implied in the name, critical systems can be restored to a previously locked pristine state with a system restart. Automated maintenance schedules can be set up using ‘Reboot to Restore’ solutions like Deep Freeze. This hygiene activity helps with preventative maintenance, especially when you could be dealing with dormant or undetected malware.
To learn how ‘Reboot to Restore’ software can help in such situations, contact Faronics.