There was once a time when ransomware, software that blocks individuals from their computer systems, would be spread exclusively through spam emails. As people became more aware and spam filters became more prevalent, malware became more target-specific with phishing emails. Now, an individual does not have to click a link to become infected—malware can infiltrate websites with code and be delivered to computer systems.
What’s next? The plausible future of ransomware are everyday devices. ZDNet reports that researchers at Intel Security found one particular car maker’s vehicle to be vulnerable to malware, as it was able to become infected by playing a song on repeat. Should cybercriminals be able to accomplish the same, then “you’re not even going to get out of your driveway unless you way,” Raj Samani, CTO EMEA at Intel Security, told ZDNet.
Home routers can also be easily infected. In theory, a cybercriminal would merely have to intercept a shipment and gain access to the default login credentials and, in turn, be able to gain access to every internet-connected device in the target’s home.
Simply put, cybercriminals are evolving and ransomware is on the rise: earlier this year, the FBI issued a warning of this upward trend.
“Ransomware has been around for a few years, but during 2015, law enforcement saw an increase in these types of cyber attacks, particularly against organizations because the payoffs are higher,” wrote the FBI in a post. “And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don’t prepare for these attacks in advance.”
Part of the solution lies in the hands of the consumer. The FBI recommends being up to date on the technology and having “robust technical prevention controls.” “There’s no one method or tool that will completely protect you or your organization from a ransomware attack,” said James Trainor, the FBI’s Cyber Division assistant director. “But contingency and remediation planning is crucial to business recovery and continuity—and these plans should be tested regularly.”
The other part of the solution lies in the companies that create gadgets and devices. "The concept of today's ransomware is to lock your data to ransom. But what we're showing here is that the data is almost irrelevant—it's the device we're locking up: connected medical devices, home routers, cars; it's the device," said Samani.