“I’m sorry, Dave. I'm afraid I can't do that”...Until You Pay Up

By Jamison Utter

For several years I have been something near obsessed with ransomware and the entire criminal industry surrounding it. I have explored the ransomware threat from the ‘other side’: the commoditization of cybercrime, and more specifically, why it’s happening.

Our world is changing. I know that tech bloggers and science fiction writers have been saying this for years – and it’s true. What happens if we contrast the changes over the last 20 years in technology to the next 20 year? It’s not a matter of more computing power, or better phones. Rather, we are going to transition to a world where machines talk to machines and machines make decisions about our life, health, comfort, and safety.

This robot utopia can be just that, the amazing future promised us in science fiction. Or it can be a nightmare of bugs, glitches, and unrealized potential. Lot’s of decisions will drive us to the future end up with – these decisions will be made by manufacturers, service providers, and consumers; we will all play a part in both the end state and the journey we take to get there.

Recently we have seen the components of our digital society (called ‘things’, or the ‘Internet of things’, or simply ‘IoT’) participate in traditional cyber attacks. A number of new malware families are targeting these tiny computers, enslaving them as an army of devices larger than we have ever seen before. This recent turn has been foretold for years, and indeed some malware has crossed over to the world of things previously – just not as visibly.

Looking beyond all of the new challenges this new digital society will bring to security, information management, and business process we have to examine how digital crime will manifest itself in this new world. The new world poses interesting new threats.

In the old world denial of service was ‘inconvenient’ but seldom really important. In the new world a denial of service could mean that you get no electricity or water.

In the new world, will privacy continue to be a major concern? Or will the knowledge that we are monitored by machines at all times – even while sleeping – become part of our new-normal?

One thing I know is that criminals will continue to target access to our devices and/or our data. Sure, denial of service has been seen already. What I am talking about is RDoS - ransomware denial of service; a service denial of a completely different kind.

Imagine, if you will, you are headed to bed. Before you close your eyes, you ask your VPA (Virtual Private Assistant) to set an alarm for a non-standard time because you have to run an errand early in the morning. Instead of adding the alarm for you, it responds with ‘I’m sorry I cannot help you until you pay 1 Bitcoin’. That’s annoying, and not something you are interested in giving in to. So, instead you turn to your your watch, but it says the same thing. And so does your phone.

Project that across our digital reality, denial to entertainment (TV’s, or VR consoles), denial of transportation (our cars, public transport), denial of house and home (home automation). The possible effect is pretty staggering when you consider that all of these new ‘things’ are computers and capable, in most cases, of working as a full computer – in both good and bad scenarios.

I am certainly not trying to fear monger, rather I am really trying to raise awareness about a problem that’s nearly an epidemic in the traditional computer world (ransomware) and how it can be so much worse – or honestly so much more dangerous – in our new digital society.

About Jamison Utter

Natural curiosity has taken Jamison beyond the technical hack into the workings of the criminal industry; how and why malware is written, how people make money at it (why do they keep doing it) and what are the motivations.

More About Jamison