Ransomware May Target ‘Smart Cities,' Autonomous Cars For Bigger Payoffs

A ransomware attack recently hit the San Francisco transport agency, and the attackers asked for $70,000 to unlock the systems. The agency cleared its systems, but we may see many more attacks on public “smart” systems that use outdated or unpatched operating systems and firmware.

Public Transit System Ransomware

Criminals locked San Francisco public transit system’s computers, thus enabling users to get free rides for a short time. More than 2,000 machines were affected, and they included ticketing machines, but also employee terminals and computers that may be used to look after employees’ payroll or personal information.

Muni, the agency in charge of the public transit system in San Francisco, said the malware did not affect customer information and that there has been no impact on the transit system itself. However, because some customers were able to travel charge-free, Muni disabled fare gates from Friday to Sunday. The agency said it had contained the attack Monday and that all systems will be fully functional soon.

Ransomware Now Targeting Higher-Profile Organizations

Ransomware attacks have kept climbing over the past few years. They tend to be quite profitable for the attackers, who keep their identities relatively well hidden using the Tor anonymity network and Bitcoin payments.

However, after locking millions of personal computers and even some smartphones, we may now see ransomware attacks go after targets that could significantly increase the attackers’ “revenue.” These include universities, hospitals, and more recently public transport systems. Soon, ransomware may even target autonomous cars and other smart city systems as they become more commonplace.

These targets could raise the unlocking price from a few hundred dollars, which is the amount the attackers tend to charge individuals now, to thousands or tens of thousands of dollars. If the target is an organization that can’t stay locked out of its systems even for a few days, it may be more willing to pay up. However, the FBI has recently recommended that no one should pay these criminals, as that only encourages them to attack other people.Moreover, some of them may not even unlock the devices after the attackers are paid.

Some ransomware locked computers can also be unlocked after some time if security researchers and law enforcement manage to get the decryption key from the criminals. Then, the researchers can build tools with the key to unlock the devices encrypted by that specific ransomware.

Rise of Insecure IoT Could Lead To More Ransomware

Right now, the biggest threat of insecure Internet of Things devices is that botnets can take them over and then use them in massive distributed denial of service (DDoS) attacks against large companies or organizations. However, ransomware could leverage the same vulnerabilities as well, especially if attacking them could lead to a whole city infrastructure being locked-down, as it has already happened to San Francisco’s Muni.

Cities are starting to adopt IoT devices as well, which can then power transportation systems, information systems, power plants, water and electricity supply networks, law enforcement, and so on. Once these systems use insecure IoT devices that aren’t well supported, they can become easy targets for ransomware and other types of attacks, which could then create major disruptions in cities.

Autonomous Cars Are A Future Potential Target For Ransomware

Autonomous cars, which software will fully control, could also become a vulnerable target to ransomware. Most would pay hundreds of dollars, if not more, to unlock their cars and be able to use them again if no other solution exists. That’s why manufacturers of autonomous cars will have to take security much more seriously, before they launch these cars on the market.

If ransomware can remotely infect autonomous driving systems, then it also represents the risk of death for the people inside the cars. The systems could be locked immediately as the infection occurs, potentially disrupting the functioning of the autonomous car altogether, while it’s driving. Also, if ransomware can infect cars remotely through the Internet, then other types of attacks, perhaps even more dangerous and malicious ones, could affect the cars and their drivers.

The rise of insecure IoT devices should soon show everyone just how important and even vital software security is for our future smart cities and autonomous cars, even to those who may still be asking for software backdoors as a “public safety” measure.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • problematiq
    Well, they are ransoming a 30GB database from the San Francisco Metro subway for 73k in bitcoin.
    Reply
  • valeman2012
    Ransoming is not successful in such high level agency. They already restoring their services.
    Reply
  • valeman2012
    Not to note SF is a Higher Tech area.
    Reply
  • problematiq
    18931414 said:
    Ransoming is not successful in such high level agency. They already restoring their services.

    Sometimes, in the case of the subway it's a matter of the database containing information on employee's as well as other sensitive data. There was a string of hospitals that were infected with ransomware and the hospital paid in the end just to get services up and running. Just having offline backups is no longer a "fool-proof" way to prevent being down from ransomware. We have seen ransomware that infects backups and sits and waits before encrypting. THAT BEING SAID! You are correct in that your typical ransomware is not likely to take down an entire city, maybe state actor backed ransomware though.
    Reply
  • firefoxx04
    Anyone who believes ransomware is not successful (and profitable) has not been paying attention. Those guys bring in some much revenue that they have actually switched to a customer service oriented approach, call centers and everything to make paying your ransome as easy as possible.
    Reply
  • Art_8_
    If you think they will go after your smart car for a few hundred $$ to unlock it from ransomware then you fail to see the real potential. More like if you don't sign over your entire bank account(s) within the next 6 minutes they will drive your wife/kids etc off a cliff or into a train is more like how they will do it. and after a few high profile cases of that actually happening emptying a bank account to save the entire family, maybe even yourself if you are also in the car will seem like a bargain. Especially if insurance will cover it.
    Reply
  • targetdrone
    Or maybe don't connect your car to the internet.

    The NOC list at CIA Headquarters in Langley can't be hacked remotely because its on a isolated mainframe in a secured room with no outside communication.

    The toilets on the Galactic were manual flush instead of wifi/bluetooth to keep the Cylons from hacking the toilet then flushing all the Oxygen from the ship. Every system on the bridge was isolated to keep the hack of 1 system from affecting another.
    Reply
  • problematiq
    18933874 said:
    Or maybe don't connect your car to the internet.

    The NOC list at CIA Headquarters in Langley can't be hacked remotely because its on a isolated mainframe in a secured room with no outside communication.

    The toilets on the Galactic were manual flush instead of wifi/bluetooth to keep the Cylons from hacking the toilet then flushing all the Oxygen from the ship. Every system on the bridge was isolated to keep the hack of 1 system from affecting another.

    Air Gapped does not mean secure. If you look at Stuxnet, it hopped and air gapped network and still managed to do it's job just fine. Don't get me wrong, it does make it more difficult for malicious actors to get into, but not impossible.
    Reply
  • RomeoReject
    What's Seal Team 6 doing these days? I have an idea for how to solve the ransomware plague.
    Reply
  • targetdrone
    18934801 said:
    18933874 said:
    Or maybe don't connect your car to the internet.

    The NOC list at CIA Headquarters in Langley can't be hacked remotely because its on a isolated mainframe in a secured room with no outside communication.

    The toilets on the Galactic were manual flush instead of wifi/bluetooth to keep the Cylons from hacking the toilet then flushing all the Oxygen from the ship. Every system on the bridge was isolated to keep the hack of 1 system from affecting another.

    Air Gapped does not mean secure. If you look at Stuxnet, it hopped and air gapped network and still managed to do it's job just fine. Don't get me wrong, it does make it more difficult for malicious actors to get into, but not impossible.

    What is more worried some, a 2017 car being hacked by hackers on the other side of the global because it has always on internet with no security to speak of or someone breaking into a garage to reprogram the ECM of a 1999 Toyota and install a wireless comm system to control it remotely.

    Reply