PaperW8: An IoT Bricking Ransomware Proof of Concept

Internet of Things (IoT) devices are used in many facets of modern life, from smart homes to smart cities, including Internet-enabled healthcare systems and industrial control systems. The prevalence and ubiquity of IoT devices makes them extremely attractive targets for malicious actors, in particular for taking control of vulnerable devices and demand ransom from their owners. The aim of this paper is twofold: to investigate the viability of a ransomware-type attack being carried out on IoT devices; and to explore what damage can be inflicted upon devices after they have been compromised. To test whether ransomware is a viable method for attacking IoT devices, we developed our own proof of concept malware for Linux-based IoT devices dubbed “PaperW8”. We looked at feasible ways for infecting IoT devices, as well as potential methods for gaining control and applying persistent changes to the target device. We successfully created a proof of concept ransomware, which we tested against six vulnerable IoT devices of various brands and functions, some of which are known to have been targeted in the past but are still widely in use today. Developing this proof of concept tool allowed us to identify the main requirements for a successful ransomware attack against IoT devices. We also determined some limitations of IoT devices that may discourage attackers from developing IoT-specific ransomware, while highlighting workarounds that more determined attackers may use to overcome these obstacles. This paper has demonstrated that IoT ransomware is a credible threat. We implemented a proof of concept tool that can compromise many IoT devices of varying types. We envisage that this work can be used to assist current and future IoT developers to improve the security of their devices, and also to help security researchers in implementing more effective ransomware countermeasures, including for IoT devices.