Ransomware in Thermostats: Another Reminder for Cloud Backup

Nov 16, 2016, 10:11 AM by Peter Ely

The bad guys ruin everything, don’t they?

Take the Internet of Things (IoT), for example — the relatively new phenomenon of connecting more and more of our everyday devices to networks, giving us more control over these tools and making them more useful, cost-effective and enjoyable.

IoT is already improving the quality of our home lives. WiFi-connected light-automation systems, for example, allow us to control the lighting sources throughout our homes from our computers and smartphones — changing their colors, dimming and brightening specific lamps according to time of day, etc. WiFi-connected garage door openers let us view an app on our phones to make sure we closed the door before we left the house. If not, we can close it remotely. (Here’s hoping someone develops a similar IoT app that lets us check on whether we turned off the iron.)

And IoT is even beginning to play a role in protecting and improving our health. Remote patient monitoring devices and other patient wearables, all connected to the Internet, send signals to our healthcare providers from wherever we are, and update them on various key readings like glucose levels, blood pressure and heart rate.

Internet of Things (IoT) Devices Like Connected Thermostats — a Tempting Target for Hackers

Of course, any devices that individuals and businesses connect to the Internet generate more personal and corporate data traversing cyberspace — and that brings out the bad guys.

Sure enough, as ComputerWorld reported recently in a disturbing article, hackers at the 2016 DEF CON hacking convention proved that they could take over an Internet-connected thermostat and pull off a ransomware attack against its owner.

In case you’re unfamiliar with the term ransomware (and lucky you!), it is quickly becoming a wildly popular method of cybercrime against businesses. In fact, according to a study reported recently by CNNMoney, almost 40% of businesses across the US, the UK, Canada and Germany have experienced a ransomware attack in the previous year.

In this two-part attack, hackers infect a computer or network with malware and in effect hijack the system, locking out its owners. That’s part one. Part two involves sending the victim a message — usually a typo-ridden “ransom note” written on the screen of one of the computers they’ve been locked out of — demanding a payment to the hackers to regain access to their systems. Some ransomware attackers throw in an added incentive to their business victims: Send the payment within a specified period of time, or we will destroy all of your corporate data.

Is Your Data Safe and Backed Up at All Times? In an Environment the Ransomware Attackers Can’t Access?

So, ransomware is on the rise, and cyber criminals are now going to be hacking our home and office thermostats. That’s awful. But can we learn anything from this?

I see two major lessons, actually.

First, should we ever catch a ransomware attacker, a fitting punishment would be to place them in a prison cell temperature-controlled by a thermostat that their victims can operate remotely.

And here’s the second lesson: The Internet of Things is a valuable reminder that more of our data — both in our personal lives and in our businesses — is being connected to the Internet in some way or another. But perhaps even more important than the fact that we’re connecting these devices to the Internet is that we are also, simultaneously, connecting them to our other networks.

It would be easy to fall into the trap of assuming that widespread IoT deployment won’t represent a significant threat to our businesses because these devices don’t often contain corporate intellectual property.

True, IoT devices will often represent logistical data — security-badge logs, for example, detailing the comings and goings of our employees. And there’s clearly not much valuable company data contained directly within a wall-mounted office thermostat.

But here’s the danger: The more devices our businesses are connecting to the Internet, the more pathways into our corporate networks and systems we are creating for hackers.

That is an important reminder of the need to deploy a companywide backup and recovery solution that ensures all of your corporate data is safe, backed up and accessible 24/7. And because hackers who penetrate your corporate system would also have access to your backups if you maintained them onsite, the ideal data backup and recovery solution will be cloud-based, run by cloud data experts, and actively monitored by pros at all hours of every day.

KeepItSafe is an industry leader in cloud backup, disaster recovery and endpoint protection.

Contact us or one of our Partners to learn how we can protect your data — 24/7/365.

Resellers, join our Partner Program to help your clients better protect their data, systems and network infrastructure.


Peter Ely

Channel Marketing Manager, KeepItSafe
