IoT Ransomware Trends

Soteria Cybersecurity
Mar 13, 2017


Do you think IoT ransomware will be a problem in the near future?

@CarsonSallis1, you bring up a very interesting question that is starting to become a hot topic in cyber security research. Internet of Things (IoT) ransomware is not yet a widespread threat to IoT devices, but there is evidence to indicate that it could become a growing threat. Security researchers (and hackers) are proving that creating and launching IoT ransomware is feasible and could potentially become a more pervasive threat in the near future.

Ransomware: malicious software that enables a hacker to render electronic equipment or electronic files unusable by the owner until a ransom is paid

As more devices are designed to connect to the internet, the opportunity for hackers grows. In this article, we provide three publicized examples of how IoT ransomware is already impacting a wide variety of devices and industries.

  1. How IoT Ransomware Heated Up DEF CON 2016: At the 2016 DEF CON security conference, two security researchers demoed their proof-of-concept ransomware designed specifically for internet-connected thermostats. This ransomware enabled the researchers to hold the thermostat for ransom and take control of its functions, such as raising and lowering the temperature. The researchers’ intention was not to cause harm to consumers or the device manufacturer, but to demonstrate that securing IoT devices is a potential concern that should be addressed sooner rather than later.
  2. How IoT Ransomware Held a Hotel Hostage: In January 2017, hackers successfully launched a ransomware attack on a 4-star hotel in Austria, locking down hotel computer systems and locking out 180 guests from their rooms. This attack, however, was not the first of its kind for the hotel, Romantik Seehotel Jaegerwirt. It was the third successful attack the hackers made on this hotel’s computer systems, costing the business thousands in Bitcoins over the course of the attacks.
  3. How Ransomware Crashed Cameras at the Inauguration: Eight days before the 2017 Inauguration, a successful ransomware attack rendered 70% of D.C. police surveillance cameras unusable. To remedy the situation and avoid paying the ransom, the devices were taken offline, wiped, and reinstalled, a process that took approximately 48 hours to complete.

In addition to ransomware, botnets are also impacting the security and functionality of IoT devices. Botnets can be set up to overload internet-based services in what are known as DDoS attacks. In October 2016, a botnet overloaded and crashed domain name service provider Dyn with web traffic in what was the largest and most widely publicized DDoS attack of the year. This Dyn DDoS attack not only affected its system, but also crashed popular sites such as Twitter, GitHub, and Reddit that used Dyn as their DNS service provider.

Botnet: a group of internet-connected devices infected with malicious software that controls the functionality of the devices as if they were a single unit

DDoS: Distributed Denial of Service, or a type of cyber attack caused when an attacker floods an online service with web traffic and causes the targeted system to crash

With all signs pointing to a potential for hackers to exploit internet-connected products, we hope that IoT device manufacturers and regulators across all industries will place greater emphasis on making security a design requirement in their products and systems. By staying abreast of hacking trends and security research breakthroughs, the IoT industry will be better able to protect its businesses and their customers.

While it is difficult to predict where ransomware practitioners will focus their efforts next, current IoT devices are notoriously vulnerable to relatively easy attacks. These devices are typically designed with the assumption that they will never be exposed to the internet. If using these devices, you should make sure they are behind a firewall and protected from internet-based attacks.

Have a question for our security consultant? Submit your #askahacker questions to @SoteriaSecurity on Twitter or via email. Chosen questions will receive a response from our consulting team and a Soteria gift pack.

Originally published at on March 13, 2017.


