
Are you prepared for R4IoT – the ransomware for IoT that attacks IT & OT?

As organizations have ramped up their efforts against the threat of ransomware, the nature of these attacks has itself evolved from just encryption to double and triple extortion. The next anticipated step in ransomware evolution is a focus on the operational technology (OT) network rather than only the IT network.


What is R4IoT?

Forescout recently released details about how organizations could be targeted with the next-generation ransomware, R4IoT. They define R4IoT as “a novel, proof-of-concept ransomware that exploits an IoT device to gain access and move laterally in an IT network and impact the OT network”.

This release demonstrates how the ransomware could leverage the latest trends of growing IoT adoption and increasing IT-OT convergence to gain access to critical systems. By compromising IoT, IT, and OT assets, R4IoT could potentially aim for physical disruption of business operations. A definitive strategy to protect against such infiltration is to implement Zero-trust security.

Securing with the Zero-trust approach

In a Zero Trust architecture, you do not trust anyone or anything before verifying who they are and what access rights they have. This can only be accomplished when every device, user, and network flow is authenticated and authorized.


Trusted identities are at the foundation of this security approach. PKI (public key infrastructure) platforms offer a secure and highly scalable option to issue and automate the management of trusted identities. This ensures that only authorized and authenticated devices and services are allowed to connect and communicate within a network.

Security for IoT devices & applications

With the rapid adoption of IoT, organizations have overlooked the grievous implications of implementing subpar security measures for IoT devices and applications.

Device manufacturers must consider deploying a certificate authority in the factory – a Factory CA – to issue all IoT devices a trusted identity at the manufacturing stage itself. This initial identity allows the device to authenticate and securely communicate with an IoT application.

IoT applications are leveraged by organizations across the connected industries – healthcare IoT, critical infrastructure, connected vehicles, smart grids, smart homes, and more – in multiple scenarios. These organizations can ensure lifecycle management of each IoT device's identity throughout its lifetime with a Lifecycle CA.

Very resource-constrained IoT devices, such as battery-powered sensors, should also be secured with PKI and provisioned with certificates from a CA based on the latest certificate management protocols.

PKI is the key

The traditional response to IT ransomware is to take the systems offline to stop further invasion. This, however, is counterproductive in an OT environment. Whether an organization shuts down its OT systems to avoid infiltration or the infection itself causes the shutdown, the outcome is the primary intent of the R4IoT ransomware attack: halting critical business operations.

PKI provides the perfect means to enable true end-to-end security by ensuring device authentication, data integrity, and confidentiality.

PKI platforms such as Nexus Smart ID, an identity platform offered by IN Groupe, help build a zero-trust environment to secure rapid digital transformation. A proven CA solution, Smart ID empowers organizations to register, issue, and manage trusted identities for IoT devices, the workforce, workplace devices, IT networks, and SCADA systems. Based on standard and automated certificate management protocols, it offers flexible deployment options: the solution can be deployed on-premises, in the cloud, or as a hybrid.