Even the Automotive World Isn’t an Exception – Ransomware Attacks

With all the crimes happening in the world today, it really can be hard to protect your valuables and the automotive world is no exception. Sure, there’s the daily crimes you hear about on the news with stolen vehicles and break ins involving vehicles, but there is also vehicle ownerships being compromised – better known as ransomware attacks – and recently there’s been an up rise in them. 

In 2023, auto theft was described as a “crisis” and truthfully, it’s only gotten worse since then. An article in the Toronto Star even goes on to say that auto theft in the city of Toronto alone has gone up in the past 20 years – and this is only based on the incidents that were reported and known about. Many times, big car companies will pay top dollar to keep stories out of the news – especially stories like these.  

In this week’s blog post, we will be covering a couple key points surrounding this subject:

• What is a ransomware attack? 
• What does it mean for you?
• How does it happen?
• How can you protect yourself?
• Next steps for you if you happen to fall victim or know someone who has

What is a Ransomware Attack, What Does It Mean for You, and How Does It Happen?

First things first, what is it? A ransomware attack by definition is pretty similar to what it is known as in other sectors – a thief stealing your property (in this case a car), without actually ever taking possession of it. The only way to get it back? That’s right, you guessed it, pay a ransom. 

During a ransomware attack, you’ve basically lost all control over the vehicle and if you happen to be operating it at the same time the system is hacked, this can be the scariest part. For instance, you may be waiting behind a car at a red light, obviously your foot would be on the brake pedal. When hacked, you lose complete control over the vehicle, and not to get dark or anything but if the attacker has it out for you, good luck. The hacker may have adjusted the speed to the vehicle which now has the vehicle in motion, and you just have to sit there and watch the disaster as it is unfolding. 

Ransomware attacks may appear random, but they not always are. There are many habits you may have in your daily life that you don’t even know are connected or can be connected back to the incident occurring. A simple thing as downloading a video for the kiddies to watch while you drive can trigger this. So be mindful of the sites you visit and the links you click on. 

With many vehicles coming equipped with internet connectivity this may seem like a good thing in retrospect, but it really isn’t. I mean why can’t we go back to cars that were used to just drive! But that’s just me and I digress. 

How Can You Protect Yourself?

Now there are different ways to protect your vehicle, but they cost money and especially living in a time like we are in the present, as sad as it is to admit, investing money into protecting your car, is sometimes the last thing on people’s minds, especially those who have families and major responsibilities to take care of. 

But if you are one of those who would do anything to protect their car, I have included a shortened list of possible investments worth looking into: 

• Invest in a steering wheel lock device – This is placed on the steering wheel when the vehicle is parked and won’t be driven for a bit, and prevents thieves from making their great escape quicker. They would have obviously tripped the car’s alarm and would be too distracted trying to remove the device to really pay attention to what’s going on around them 
• Purchase a high security surveillance system or a backup camera device that is always recording and footage can be uploaded and stored – This would honestly be the smartest investment to make, not only will it record live when you are driving in the case of an accident, but it can help catch thieves quicker if an incident ever occurred
  • A GPS can also be bought in the case the car is actually stolen, when in motion, live tracking will be provided to get the car back easier
• Lock the onboard diagnostic port using a simple device – This blocks access for thieves when they are trying to reprogram the key fob    
• Park your vehicle in a closed / locked garage (if possible) 
• When the key is not in use, place the key fob inside a radio frequency bag / pouch to block cell signals

Next Steps to Take After a Ransomware Attack has Occurred and How to Recover

So for whatever reason after following these tips provided above, you still find yourself in a situation where you or someone you know has fallen victim to this crime. What happens next? Well the important thing is you need to remain calm. If this is an incident that occurred while you were not in the vehicle, consider yourself LUCKY. It may seem like the world is falling apart right now, but understand this – it is not the end of the world, you made it through. 

It may be smart to come up with a recovery plan ahead of time though, just in case it will ever come in handy – you never know. But if you don’t have one or don’t know where to start, not to worry, we will provide a few key points below to help get this process started. 

1. Find the trigger file and remove it 

Now, this might not be something you would be able to do on your own – you may have to take the vehicle to your mechanic or even back to where you bought it from (if you bought it from a dealer). Attacking this right from the source or potential source, would help to alleviate any future attacks and start to get your peace of mind back. 

2. Determine the attack style 

Again, this might not be something you can figure out on your own, you may have to go to a computer wiz for this, but this is another really helpful thing to do to get back on the right track. Knowing how the attack was even possible might deter you away from going on certain untrustworthy sites again. For general knowledge, there are 2 principal forms of ransomware – screen locking and encryption based. 

3. Disconnect all devices 

Even after the attack may seem like it’s over, there is still the possibility it can infect other devices, so you need to make sure to disconnect everything that is connected to the affected device or has the possibility to be affected. At least this way, if the device(s) have to be replaced after, your pocket won’t feel it too much because only the device in question will have to be replaced. 

~~~

At this point, you may be asking yourself if this is something insurance companies will help with – and that really is a great question. Now this can become a very tricky topic, so although I’m going to do a mini dive into this now, I will refer you to talk with your insurance companies to double check – policies will vary from company to company. 

Insurance companies in the automotive world will cover auto theft – if someone physically takes the car away from you without your knowledge – and this falls under comprehensive coverage. When it comes to personal auto-related cybercrimes though, it becomes a different story. There are very few protocols that help protect the owner from this. As a matter of fact, the only cyber insurance policies available on the market are to homes and businesses. 

But why you may ask? Well, believe it or not, auto related cybercrimes don’t happen as often as you may think and are not something that is posed as an everyday threat to the public….Trust me I know, I’m just reporting things as they are nothing from my personal opinion. 

According to the Senior Vice President of Cyber Solutions at Toronto’s Aon, Ady Sharma, “From a personal car perspective, the risk is relatively fairly low when it comes to cyber-attacks…Where there is an exposure is out in the field, in mining sites and manufacturing facilities, where they’re using autonomous trucks, haul trucks, etc. That’s much more of an up-and-coming exposure.”

But the funnier thing (sarcastically speaking) is these companies are actually doing something about this issue. They care! Due to the recent rise of incidents targeting the physical manufacturing sector – manufacturing facilities, mining companies, and construction firms’, insurers have policies in place called “property average exposure”. This will cover anything non-physical – the cost of restoring a network from a cyber attack for example, or even installing security. Coverage is also available for physical damage – if a hacker takes control of an autonomous vehicle that proceeds to cause damage to the facility or other heavy machinery or devices. 

So what happened to the automotive world? Especially living in the day and age of more and more people owning electric cars and Teslas?

~~~

4. Understand the ransomware

Familiarize yourself with the coding and as much information as you can about the attack. Not only will this help you in the case that it happens again, but you will also be able to help someone else if they ever need it. Plus, general knowledge is just as good a reason as any to learn something new! 

Understanding the ransomware is really important because it will determine or at least help to determine if recovering the data is even possible at this point through the use of a web based software. Decoding the encrypted malware might also be possible – but again, seek professional guidance when doing this, simply to ensure this step is done right. 

5. Restore system files 

In any case when it comes to a ransomware attack, restoring the “lost” files will always be something you want to do. This is a step that can be done through backed-up data but this needs to be done carefully. Ransomware has the capability of lasting for up to 6 months in some cases, so malware might have infected the archived backed-up data as well. In this case, it is better to consider the “lost” data lost and move on, because there is no point in the system catching another virus while trying to recover files that were impacted by the initial ransomware. Either way, it is safe practice to run an anti-malware package on all systems before restoring.