Ransomware And The Internet Of Things (IoT)

03 July 2017

In 2016 malicious emails containing Ransomware skyrocketed 6,000% compared with 2015, according to research carried out by IBM.

Cybercriminals are nothing if not imaginative. That is why Ransomware is constantly evolving to keep up with the changes in technology. By way of example, a hotel was recently targeted with Ransomware that resulted in the key card system being taken over, meaning they could not give access to hotel rooms for guests until the ransom was paid.

Traditionally, the design of  Ransomware is to target the largest possible scope of devices in an effort to make the most profit. The motivation to pay this ransom is the loss of valuable information contained therein. In the case of Internet of Things (IoT) devices, such as smart TVs and fridges, the motivation is slightly different.

In recent months, smart TVs have become the latest target of Ransomware. With cyber-criminals effectively rendering the devices useless. So why are smart TVs being targeted?

The secret is not the value of data, but the urgency in which the owner needs it. Getting ready to settle down with friends to watch the Premiership football match of the season? Then understandably you’ll want your TV back and operational.

Shockingly, almost 40% of consumers stated in the same IBM survey that they would be willing to pay more than $100 to get their data back. And so while targeting the devices of individuals may not result in big sums for a cyber-criminal in each case, it’s the number of consumers infected that makes going after personal devices such a lucrative market.

As a result, we are now at a crossroads when it comes to Ransomware. Namely;  who is ultimately liable for an IoT Ransomware attack and what are we going to do about it?

In the case of the recent smart TV attacks, liability appeared to sit with the manufacturer. As such, do we expect to see manufacturers of IoT devices redouble their efforts to address the threat posed by Ransomware?

If truth be told, as consumers we are all going to have to accept that Ransomware attacks are here to stay and will become increasingly frequent and personal.

Chuck Robbins, CEO at Cisco, estimates that by 2030 there will be 500 billion devices and objects connected to the Internet. For the cyber-criminal, this is music to their ears.

As consumers, the time has come to demand the manufactures of IoT devices take the time to consider and put in place the necessary safeguards to protect our privacy and safety in the products they're selling us.

With the technology in our homes increasingly being connected to the Internet, we are all rich pickings for the cyber-criminal and no one more so than prominent and successful individuals. So before you go out and purchase the latest piece of smart technology for your home, do consider the risks posed to your privacy by IoT devices.

Receive our monthly newsletter

About the Author


+44 (0)20 7034 9000
Our 24 hour number
+44 (0)20 7034 9000
Legal information

© 2021 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.