As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns.
Called Ransomware for IoT or
R4IoT by Forescout, it's a "novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT [information technology] network and impact the OT [operational technology] network."
This potential pivot is based on the rapid growth in the number of IoT devices as well as the convergence of IT and OT networks in organizations.
The ultimate goal of R4IoT is to leverage exposed and vulnerable IoT devices such as IP cameras to gain an initial foothold, followed by deploying ransomware in the IT network and taking advantage of poor operational security practices to hold mission-critical processes hostage.
"By compromising IoT, IT, and OT assets, R4IoT goes beyond the usual encryption and data exfiltration to cause physical disruption of business operations," the researchers said, thereby adding an additional layer of extortion to a traditional ransomware attack.
