Vehicle Ransomware - A Ransom for Your Car

The digital world is awash in ransomware. The car wash is coming soon...

Ransomware continues to be a major and growing global scourge. The number of ransomware attacks on businesses tripled in 2017, achieving the notoriety of an attack every minute. According to a leading cyber security survey, 54% of organizations were attacked last year and a further 31% expect to be victimized in the future.

To date, the healthcare and financial sectors are attracting most of the attacks, but look for the connected car and vehicle ransomware to zoom into the picture very, very soon.

Automotive vehicle ransomware for vehicles as vehicle hacking strategy is coming

Targeting the Supply Chain

Ransomware can attack anywhere along the automotive supply chain from manufacturers to suppliers, from maintenance providers to aftermarket equipment manufacturers and, of course, the car itself. The recent and highly destructive WannaCry ransomware successfully penetrated a Honda manufacturing plant in Japan causing an expensive shutdown. Nissan and Renault reported production stoppages in Japan, Britain, France, Romania and India.

Mitchell International, a large aftermarket car-parts replacement resource for collision-damaged vehicles, had to take its customers off-line for 48 hours after WannaCry struck their systems.

Targeting Endpoints

With a wealth of knowledge about endpoints and a healthy financial incentive to invade them, hackers concoct all sorts of schemes to separate people and organizations from their data. They use the latest encryption methodologies to prevent access to critical or vulnerable data by their owners and processors.

You want your data back? You pay up. Otherwise, you’ll pay even more.

The financial impact of a ransomware attack often dwarfs the ransom. While the average cost of an individual ransom might be of the order of a few hundred dollars, the full scope of an enterprise-wide ransomware attack is reported to be more than $130,000 and in some cases in the millions.

Much Higher Stakes – Connected Cars and Trucks

As cars become more connected, they take on more of the identity of typical endpoints in a network. Comprising as many as 150 electronic control units (ECUs), microprocessors that increasingly control all facets of the car from engine performance to the door locks, connected vehicles are starting to look like significant computer networks. Add to all of that communications across as many as ten internal buses and add the cloud and mobile networks connected 24/7, you have the makings of a veritable IT network on wheels.

One that is becoming more and more vulnerable to vehicle hacking.

Surpassing 25GB per hour, the data that the connected vehicle transmits emulates all the components of a typical endpoint communicating over an IT network. The entry system’s door-lock combination, where you are and where you go, your mobile purchases (your smartphone is part of the ecosystem, too), your credit card numbers, and much more are all stored and accessible via the car. These data nuggets are magnets to the ransomware hacker.

While personal data is certainly a prize worth hacking for, the connected vehicle has something that a computer endpoint could never dream of – significant intrinsic value. No hacker demands your $400 laptop as ransom. However, your car is worth tens of thousands of dollars. Your truck, much more. The cargo that you are hauling could be worth millions.

Vehicle ransomware through hacking opportunities are increasing as cyber security measures fall behindJust as the ransomware hacker encrypts data on the laptop and demands money before he will decrypt and release it back to you, he can do the same with your vehicle. But never mind the data. Vehicle ransomware cyber attacks can stop your vehicle from functioning altogether or, worse, can render vital functions of your car non-operational while you are on the highway.

Pay up or lose your car or cargo. Pay up after a ransomware attack targets your car or it will sit there like a rock at the side of the road. Pay up or your brakes don’t function.

Fleet Management Quandaries

Individual cars and trucks are enticing targets enough, but think about the multiplied attraction of entire fleets. There are so many ways for hackers to get into fleet management systems, all the way from the vehicles themselves to the fleet management software in back-office systems.

Today’s fleet operation is dependent upon computer systems and real-time data. By invading the command and control of the fleet management system, a talented hacker could potentially shut down an entire fleet currently traveling on the road. While recent attacks indicate that hackers require about $500 to release a single vehicle, it would take a king’s ransom to get all those trucks back into operation.

Shutting down the vehicles is not necessarily the only way to cause great financial loss to fleet operations. Merely disrupting the dispatch system can send very expensive cargos in errant directions. The merchandise arrived in Nashville, but it was supposed to go to Atlanta.

A spokesperson for Carrier Logistics warns, “We would not go through life walking across eight-lane highways without looking, but we see numerous trucking operations doing just that when it comes to cybersecurity. The fact is wherever computer systems are operating, serious concern and caution should be taken.”

This sounds like an understatement to us.

Insurers at Risk

Connected cars provide insurance companies with tremendous opportunities as new types of data may permit the construction of new types of insurance plans. For example:

  • Is the driver harder on the brakes and accelerator than normal?
  • What time of day is the vehicle usually on the road?
  • Does the driver take corners too sharply?
  • What’s the wear-and-tear on the tires?

But when it comes to specifying and pricing cyber insurance for connected-vehicle owners and, especially, fleet operators, insurance companies are traveling blind. They simply do not have the capability to determine if a vehicle, let alone an entire fleet, is adequately protected against ransomware and other cyber attacks. Current manufacturing, service and operation practices throughout the automotive industry do not guarantee the cyber security of cars and trucks. Insurers do not have sufficient data to quantify the risk of ransomware

Cyber Solutions for Vehicle Ransomware

At each level of the connected-vehicle ecosystem, the appropriate cyber security solution must be applied. Where the ecosystem resembles typical open IT networks, the solutions that are commonly applied there (see our article on IPS/IDS systems and Automotive Cyber Security) should be adopted by the automobile industry. These include SOCs, Incident Response teams and more.

However, with regard to the physical safety of vehicles, their passengers and their cargoes, connected cars and trucks take a sharp turn into new terrain. To properly protect the safety and security features of the connected car and truck, all players must insist on the adoption of a threat-agnostic, deterministic solution that will not, under any circumstances, allow hackers to gain control and hold a vehicle or fleet of vehicles for ransom by threatening their safety, the first order of business for consumers, manufacturers, fleet owners and insurers alike.

The cyber security threat landscape for automotive market and connected vehicles cyber defense