Jackware: Ransomware’s more dangerous cousin

Jackware: Ransomware’s more dangerous cousin

Ransomware continues to be a major threat to businesses in 2021. The Sophos State of Ransomware 2021 report found that 37% of organizations suffered a ransomware attack in the past 12 months. While this number has dropped from 51% in 2020, the financial impact of an attack has more than doubled to $1.85 million in 2021 from $761,106 in 2020. This is largely because ransomware attacks have become more complex and targeted, making them harder to recover from.

Ransomware is forecasted to become even more damaging that the FBI has already requested $40 million to help combat future attacks. Unfortunately, there’s a new type of ransomware that is 10 times more dangerous than the original: jackware.

Related reading: 5 Telltale signs of a ransomware attack

What is jackware?

The original ransomware and jackware share the same goal: to extort money from victims. However, while ransomware blocks users from accessing their files and computer systems, jackware hijacks the embedded device/s in a machine to lock up the machine itself.

Embedded devices are tiny computers that are part of a bigger machine. They are designed to perform a highly specific function, which is why they run a single application. Embedded devices can be found in all types of machines ranging from small devices like calculators, microwaves, cameras, and phones to big machines like ATMs, MRI scanners, automobiles, and airplanes.

Just like PCs, embedded devices are vulnerable to malware. The problem is that when an embedded device is hijacked, the larger physical machine it is part of is crippled. For example, if jackware hacks a car’s electronic control unit (an embedded device), the engine or brakes could malfunction. This could cause the driver to lose control of the vehicle and get into an accident.

Jackware could also shut down pipelines and subways for months, sabotage planes, or trigger an explosion at an electric substation. It could destroy million-dollar CT scan machines and other medical devices. If a patient is hooked up to a dialysis machine and that machine is hijacked, then there could be fatal consequences.

In other words, jackware could disrupt critical services and supplies, cause permanent physical damage to systems, and endanger people’s lives.

Have jackware attacks happened?

Cybersecurity experts say it’s only a matter of time before jackware attacks take place. However, there have already been malware attacks targeting physical machines.

In 2010, a malware attack disrupted Iran’s nuclear weapons program by temporarily taking down the computer systems that were controlling mechanisms responsible for purifying uranium.

In 2015, Russian hackers compromised the IT systems of three of Ukraine’s energy distribution companies, temporarily disrupting power supply to consumers.

In 2018, the spyware Kwampirs was detected on computers that support MRIs and X-rays and on devices patients use to fill out consent forms. Researchers believe that hackers are using it to conduct espionage on the healthcare sector.

In 2020, the Malware-as-a-Service platform Trickbot was found attempting to attack UEFI firmware chips inside targeted PCs, which could be used to remotely cause severe physical damage to the underlying hardware so that the PCs can no longer run.

Start preparing for jackware

While we have yet to see jackware become a reality, organizations must already start thinking about defending against it. Aside from traditional security techniques, such as authenticating, filtering, and encrypting, you’ll also need effective measures aimed at protecting connected and embedded devices.

For advanced cybersecurity solutions and expertise, you can rely on Online Computers. With our help, you can rest easy knowing that your IT systems will remain protected even from new and sophisticated cyberthreats. Contact us today to get started.

To learn more about the essential cybersecurity solutions you must have, read our FREE eBook.

Keep all types of cyberthreats at bay by adopting our comprehensive cybercrime defense game plan. Download our free eBook today to learn how!Download here