Another malware threat has hit the computer market, this time targeting the Internet of Things (IoT) smart devices and home appliances.
The malicious software, dubbed ‘Istvad’ or IoT, has been found on over 1,200 connected smart devices, and the researchers are still investigating the extent of the threat.
According to research from Trend Micro, this particular ransomware variant was found to target Android devices and the most popular IoT devices, such as smart TVs, printers and air conditioners.
The malware, which is also referred to as Wannacast, encrypts files on connected devices and downloads the files into a special folder, before sending the files to an unknown location.
Once the files are downloaded, it uses the encrypted files to send the malicious code to its command and control server.
The ransomware, which also appears to be targeting Windows PCs, is known to run on Linux and Mac OS X platforms.
The researchers believe that IoT devices are susceptible to ransomware because of their high number of connected devices, which makes it easy for hackers to compromise them.’
In a matter of days, these IoT devices become infected with Wannaclast and its variants.’
We have seen a significant increase in the amount of IoT devices affected by Wannastacast,’ said Dr. Anil Gopal, the research director at Trend Micro.’
These devices are used by millions of people around the world, and it is possible that the number of IoT users could increase.’
The researchers have identified a total of 8,634 IoT devices that are infected with this ransomware variant, with the majority of these being Android devices, including the Samsung Galaxy S8 and the Sony Xperia Z5, as well as a handful of high-end devices from Philips Hue.
Wannaclasts ransomware, called ‘Wannacaster’, encrypts the data of connected smart phones and connects them to a server controlled by the malware, according to Trend Micro’s analysis.
Users are then directed to an address that is hosted on the infected device, where they are asked to provide their credentials and passphrase.
After this, the malware encrypts and sends the encrypted data to the server, where it is then encrypted with the data.
In total, the researchers have detected over 1.6 million encrypted files and 3.5 million encrypted URLs.
Users of IoT connected devices may not be affected by this ransomware.’
Wannastace ransomware does not have any security vulnerabilities,’ the researchers concluded.’
Instead, it relies on the assumption that IoT connected device owners are highly networked and rely on the IoT devices to store important data.’
This assumption is a false one, as there are many ways to bypass Wannace ransomware.
We have found ways to compromise IoT devices using an advanced and sophisticated attack strategy.’
Researchers have not identified a common variant of Wannabaster.
However, Wannacanast may be a ‘common’ variant of malware, as it has been observed targeting devices with Windows operating systems as well.
In addition, WannaCrypt is a variant of ransomware known to be used by hackers to access and steal data, and researchers have recently warned that the threat has reached a level where it’s impossible to stop it.
Trend Micro has launched a public awareness campaign to alert IoT users to the threat, and is also offering an online service to help them identify the ransomware variant they are currently experiencing.