Physical Repercussions of a Ransomware Attack
Ransomware is a threat that has been growing steadily for the past two decades, evolving from a mail scam conducted from a P.O. box in Panama to an advanced cyber threat that is so common, it has become a major concern for individuals, governments, and businesses across every sector around the globe.
The number of ransomware attacks quadrupled from 2015 to 2016, and researchers believe that this number will double during 2017. In addition to the threat itself growing daily, the way in which ransomware affects its victims has evolved as well; whereas it used to be that the only consequences of an attack were online, there are now real-life, physical threats as a result of ransomware; there are two recent instances that are of considerable note.
Austrian Hotel Key Lock System
In early January of this year, four-star Austrian Hotel, Romantik Seehotel Jägerwirt, was infected with a ransomware attack that hit the hotel’s computer that was managing multiple systems including its reservation system, cash desk system, and most notably, the electronic key locking system.
The potential danger from hijacking this major system is guest safety; guests’ keys were not functional, meaning that they could have potentially been locked in or out of their rooms. Thankfully, fire code regulations globally mandate that electronic key locks open manually from the inside, so this threat was never realized. However, the hotel was unable to issue new room keys after the cyber attack, causing incoming guests to have to relocate to another hotel. This instance has been eye-opening for the hotel’s owner, who has since decided to switch back to ‘classic locks’ from the complex, modern ‘smart locks.’ Though this will not prevent further attack, it will prevent the new key card issuance problem from happening in the future.
Whereas this particular attack primarily impacted the business’s operations, an even more recent attack on the U.S. capital had potentially deadly consequences for the public.
Washington, D.C. Security Cameras
One week before the 2017 Presidential Inauguration of 45th President of the United States, Donald Trump, there was a ransomware attack on 66% of Washington, D.C. security surveillance cameras. Though the Metropolitan Police Department never saw any indication of a serious threat to the public, there was much concern over the attack. The infection lasted three days, keeping police from retrieving any surveillance footage during that time. This means that any activity that took place over this time span could not be reviewed if there was a security threat suspected. With events such as the Inauguration and the Marches for multiple causes in the days following, any actor with malicious intentions could have hidden something or done something that would have caused harm to those millions of people. National or global events often draw in much attention, including cyber crime and terrorism; a tech-savvy attacker could have hijacked the specific cameras that he/she did, in order to make it easier for an attack to take place. Not only this, but general public safety, regardless of upcoming events, was put in jeopardy by such a significant number of security cameras being out of working order.
This cyber threat was not only advanced in that it could have had potentially dangerous physical repercussions, but it also followed the modern trend of using IoT devices to deliver an attack. In the past few months, hackers have used Internet-connected devices such as digital cameras and DVR players to carry out DDoS attacks, and they have obviously evolved to be used in ransomware attacks.
Protect against these real world threats
Though thankfully neither of these two cases experienced the potentially dangerous, real-life threats they could have, lack of cyber defenses left people with serious digital and physical risk. Because of this, precautions must be taken in order to protect against similar attacks in the future which may have different and deadly outcomes.
- Educate employees– Computers involved in ransomware attacks are usually infected because of employees clicking on malicious phishing emails from hackers. Though neither of the cases above have discovered exactly how their systems were infected, 91% of cyber attacks are caused initially by a phishing email. Teach employees how to recognize these emails in order to prevent ransomware from coming into your company in this way.
- Have a recovery plan– The biggest issue for the Austrian hotel was that they had no clue what they would do if something like what occurred with their electronic key lock system happened. Having a backup plan is one of the key aspects of cybersecurity, as it is almost impossible to avoid every single threat that is out there. The phrase ‘expect the unexpected’ comes to mind in this case, where companies need a way to continue their major operations, even in the event of something like an unexpected cyber attack.
- Secure your IoT devices– Cameras in Washington, D.C. were not properly secured from attack, similar to the way digital cameras and DVR players were left unsecured and then consequently used in recent DDoS attacks. Prevent your smart devices from getting infected by ransomware by turning off remote access to devices when not in use, changing device default usernames/passwords, and keeping an updated system.
Hailey R. Carlson | Axiom Cyber Solutions | 02/06/2017