{"id":72119,"date":"2023-09-27T04:00:28","date_gmt":"2023-09-27T11:00:28","guid":{"rendered":"https:\/\/forescoutstage.wpengine.com\/?p=72119"},"modified":"2025-04-16T09:59:15","modified_gmt":"2025-04-16T13:59:15","slug":"r4iot-when-ransomware-meets-the-internet-of-things","status":"publish","type":"post","link":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/","title":{"rendered":"R4IoT: When Ransomware Meets the Internet of Things"},"content":{"rendered":"<p><em>Originally published June 1, 2022<\/em><\/p>\n<p>In mid-2022, Forescout Research &#8211; Vedere Labs developed R4IoT, a proof-of-concept that showed how IoT devices could become entry points for IT and further OT ransomware attacks. The original blog post, below, explains how we came to create R4IoT and why. Our <a href=\"\/blog\/2023h1-threat-review-vulnerabilities-threat-actors-malware\/\">2023H1 Threat Review<\/a> included ample evidence that cross-device attacks like R4IoT are now a reality. Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it&#8217;s not enough to detect emerging threats; you must also be able to respond to them.<\/p>\n<p>Since unveiling R4IoT, Forescout launched our own threat detection and response solution, <a href=\"\/solutions\/threat-detection-and-response\/\" target=\"_blank\" rel=\"noopener\">Forescout Threat Detection &#038; Response<\/a>, part of the Forescout Platform. The following video tells the full story of what an R4IoT attack looks like and how Forescout Threat Detection &#038; Response can work with your other security tools, including almost any endpoint detection and response (EDR) solution, to detect a cross-device attack like R4IoT as it unfolds, alert the SOC of a true threat and initiate policy-based remediation. There&#8217;s also a <a href=\"\/ebook-detecting-responding-to-mixed-it-iot-ot-threats-with-xdr\/\" target=\"_blank\" rel=\"noopener\">companion eBook<\/a>.<\/p>\n<p>Enjoy the video. Then, read on to understand the anatomy of a ransomware attack involving IoT.<\/p>\n<p><script src=\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu.jsonp\" async><\/script><script src=\"https:\/\/fast.wistia.com\/assets\/external\/E-v1.js\" async><\/script><\/p>\n<div class=\"wistia_responsive_padding\" style=\"padding: 56.25% 0 0 0; position: relative;\">\n<div class=\"wistia_responsive_wrapper\" style=\"height: 100%; left: 0; position: absolute; top: 0; width: 100%;\">\n<div class=\"wistia_embed wistia_async_l6p1zgfsnu seo=true videoFoam=true\" style=\"height: 100%; position: relative; width: 100%;\">\n<div class=\"wistia_swatch\" style=\"height: 100%; left: 0; opacity: 0; overflow: hidden; position: absolute; top: 0; transition: opacity 200ms; width: 100%;\"><img decoding=\"async\" style=\"filter: blur(5px); height: 100%; object-fit: contain; width: 100%;\" src=\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\" alt=\"\" aria-hidden=\"true\" \/><\/div>\n<\/div>\n<\/div>\n<\/div>\n<p>Over the past few years, ransomware has been evolving because of two ongoing trends:<\/p>\n<ol>\n<li>Digital transformation driving rapid growth in the number of IoT devices in organizations<\/li>\n<li>The convergence of IT and OT networks<\/li>\n<\/ol>\n<p>Ransomware actors have been evolving quickly and have moved from purely encrypting data until circa 2019 to exfiltrating data before encryption in 2020 to large extortion campaigns with several phases in 2021. The trend continued in early 2022 with the emergence of new and very sophisticated ransomware families such as <a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/win.blackcat\" target=\"_blank\" rel=\"noopener\">ALPHV<\/a> and more attacks by ransomware-as-a-service (RaaS) gangs such as <a href=\"\/resources\/analysis-of-conti-leaks\/\" target=\"_blank\" rel=\"noopener\">Conti<\/a>. This evolution in attacker methods means that ransomware gangs could now cripple the operations of virtually any organization.<\/p>\n<p>Today, Forescout Vedere Labs is releasing an <a href=\"\/resources\/r4iot-next-generation-ransomeware-report\/\" target=\"_blank\" rel=\"noopener\">information report<\/a> that includes a detailed playbook describing how organizations can protect themselves against a new type of ransomware attack that leverages IoT devices, such as video cameras, to deploy ransomware. The report includes a comprehensive, proof-of- concept demonstration of this new attack vector that Forescout Vedere Labs predicts will be the next step in ransomware evolution \u2013 we call this new attack approach \u201c<a href=\"\/research-labs\/r4iot\/\">Ransomware for IoT<\/a>,\u201d or R4IoT. The R4IoT report describes how IoT devices can be exploited for initial access and lateral movement to IT and OT devices, with the objective of causing physical disruption of business operations.<\/p>\n<p>The proof-of-concept ransomware described in the R4IoT report exploits the first trend (growth in IoT devices) by using exposed vulnerable devices, such as an IP video camera or a network-attached storage (NAS) device, as the initial access point to the network. It exploits the second trend (convergence of IT and OT networks) to hold OT devices hostage, thus adding another layer of extortion to an attack campaign.<\/p>\n<p><strong>This research is the first of its kind because:<\/strong><\/p>\n<ul>\n<li>We implemented and describe in detail detection and response actions for an R4IoT attack that serve as a playbook for organizations looking to defend against both current and future threats.<\/li>\n<li>This is the first work to combine the worlds of IT, OT and IoT ransomware and to have a full proof-of-concept from initial access via IoT to lateral movement in the IT network and then impact in the OT network. Beyond just encryption, the proof-of-concept on IT equipment includes deployment of crypto miner software and data exfiltration.<\/li>\n<li>The impact on OT is not limited to standard operating systems (e.g., Linux) or device types (e.g., building automation), does not require persistence or firmware modification on the targeted devices, and works at scale on a wide variety of devices impacted by TCP\/IP stack vulnerabilities.<\/li>\n<\/ul>\n<p>This proof-of-concept, shown in the video above and detailed in the <a href=\"\/resources\/r4iot-next-generation-ransomeware-report\/\" target=\"_blank\" rel=\"noopener\">technical report<\/a>, is a clear demonstration of how IoT and OT exploits can be combined with a traditional attack campaign. It also shows that to mitigate this type of attack, organizations need solutions that allow for extensive visibility and enhanced control of all the assets in a network.<\/p>\n<p>&nbsp;<\/p>\n<h2>Ransomware mitigation<\/h2>\n<p>Beyond demonstrating how an R4IoT attack works, the report shows that there are ways to mitigate both the likelihood and the impact of this type of incident on organizations, thus decreasing the overall risk that they face. Three important observations from our study of the ransomware threat landscape make mitigation of this threat possible across the <a href=\"https:\/\/www.nist.gov\/cyberframework\/getting-started\" target=\"_blank\" rel=\"noopener\">NIST Cybersecurity Framework<\/a> functions:<\/p>\n<ul>\n<li><strong>Identification and Protection<\/strong> are possible because hundreds of very similar attacks happen simultaneously. For instance, Conti had more than 400 successful attacks on U.S. and international organizations in 2021. That means it is possible to identify devices and vulnerabilities being <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog\" target=\"_blank\" rel=\"noopener\">actively exploited<\/a> so their protection can be prioritized.<\/li>\n<li><strong>Detection<\/strong> is possible because most tools and techniques these actors use are well-known. We present the top tactics, techniques and procedures (TTPs) used by malware in 2021.<\/li>\n<li><strong>Response and Recovery<\/strong> are possible because attacks are not immediate and fully automated. The <a href=\"https:\/\/vision.fireeye.com\/editions\/11\/11-m-trends.html\" target=\"_blank\" rel=\"noopener\">average dwell time<\/a> of ransomware attackers was five days in 2021.<\/li>\n<\/ul>\n<p>Implementing this mitigation requires extensive visibility and enhanced control of all assets in a network. In addition to continuous threat detection and response from Forescout Threat Detection &#038; Response, the Forescout Platform helps to achieve that via:<\/p>\n<ul>\n<li>Unparalleled <a href=\"\/products\/eyesight\/\">insight<\/a>\u00a0across your entire asset landscape without disrupting critical business processes. After discovering connected devices, Forescout auto-classifies and assesses those devices against company policies. The powerful combination of these three capabilities\u2014 discovery, classification and assessment\u2014delivers the asset visibility to drive appropriate policies and action.<\/li>\n<li>In-depth visibility and cyber resilience with <a href=\"\/products\/eyeinspect\/\">asset and communications inventory<\/a> based on DPI. This allows for network monitoring and threat hunting capabilities, such as threat and vulnerability indicators.<\/li>\n<li>Accelerated design, planning and deployment of dynamic network segmentation across the extended enterprise to reduce your attack surface and regulatory risk. It simplifies the process of creating context-aware segmentation policies and allows visualization and simulation of policies prior to enforcement for proactive fine-tuning and validation.<\/li>\n<li>Sharing device context between the Forescout Platform and other IT and security products to <a href=\"\/products\/eyeextend\/\">automate policy enforcement<\/a> across disparate solutions and accelerate system- wide response to mitigate risks.<\/li>\n<\/ul>\n<div style=\"align: center;\">\n<a href=\"\/resources\/r4iot-next-generation-ransomeware-report\/\"  title=\"Download the Report\" class=\"c-btn c-btn--primary icon-position-right\" target=\"_blank\"><span class=\"cta-button-text\">Download the Report<\/span><\/a>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Since unveiling R4IoT, Forescout launched our own threat detection and response solution, Forescout XDR, part of the Forescout Platform. The following video tells the full story of what an R4IoT attack looks like and how Forescout XDR can work with your other security tools, including almost any endpoint detection and response (EDR) solution, to detect a cross-device attack like R4IoT as it unfolds, alert the SOC of a true threat and initiate policy-based remediation.<\/p>\n","protected":false},"author":124,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"ep_exclude_from_search":false,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[562,540],"tags":[],"coauthors":[542],"class_list":["post-72119","post","type-post","status-publish","format-standard","hentry","category-news-and-views","category-research-and-cyber-alerts"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>R4IoT: When Ransomware Meets the Internet of Things - Forescout<\/title>\n<meta name=\"description\" content=\"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it&#039;s not enough to detect emerging threats; you must also be able to respond to them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"R4IoT: When Ransomware Meets the Internet of Things - Forescout\" \/>\n<meta property=\"og:description\" content=\"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it&#039;s not enough to detect emerging threats; you must also be able to respond to them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\" \/>\n<meta property=\"og:site_name\" content=\"Forescout\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ForescoutTechnologies\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-27T11:00:28+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-16T13:59:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\" \/>\n<meta name=\"author\" content=\"Forescout Research - Vedere Labs\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Forescout\" \/>\n<meta name=\"twitter:site\" content=\"@Forescout\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\"},\"author\":{\"name\":\"Forescout Research - Vedere Labs\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\"},\"headline\":\"R4IoT: When Ransomware Meets the Internet of Things\",\"datePublished\":\"2023-09-27T11:00:28+00:00\",\"dateModified\":\"2025-04-16T13:59:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\"},\"wordCount\":1071,\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\",\"articleSection\":[\"News &amp; Views\",\"Research &amp; Cyber Alerts\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\",\"url\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\",\"name\":\"R4IoT: When Ransomware Meets the Internet of Things - Forescout\",\"isPartOf\":{\"@id\":\"https:\/\/www.forescout.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\",\"datePublished\":\"2023-09-27T11:00:28+00:00\",\"dateModified\":\"2025-04-16T13:59:15+00:00\",\"description\":\"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it's not enough to detect emerging threats; you must also be able to respond to them.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage\",\"url\":\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\",\"contentUrl\":\"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.forescout.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"R4IoT: When Ransomware Meets the Internet of Things\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.forescout.com\/#website\",\"url\":\"https:\/\/www.forescout.com\/\",\"name\":\"Forescout\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.forescout.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.forescout.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.forescout.com\/#organization\",\"name\":\"Forescout Technologies, Inc.\",\"url\":\"https:\/\/www.forescout.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"contentUrl\":\"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg\",\"width\":1,\"height\":1,\"caption\":\"Forescout Technologies, Inc.\"},\"image\":{\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ForescoutTechnologies\",\"https:\/\/x.com\/Forescout\",\"https:\/\/www.instagram.com\/forescouttechnologies\/\",\"https:\/\/www.linkedin.com\/company\/forescout-technologies\",\"https:\/\/www.youtube.com\/user\/forescout1\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984\",\"name\":\"Forescout Research - Vedere Labs\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g\",\"caption\":\"Forescout Research - Vedere Labs\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"R4IoT: When Ransomware Meets the Internet of Things - Forescout","description":"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it's not enough to detect emerging threats; you must also be able to respond to them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/","og_locale":"en_US","og_type":"article","og_title":"R4IoT: When Ransomware Meets the Internet of Things - Forescout","og_description":"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it's not enough to detect emerging threats; you must also be able to respond to them.","og_url":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/","og_site_name":"Forescout","article_publisher":"https:\/\/www.facebook.com\/ForescoutTechnologies","article_published_time":"2023-09-27T11:00:28+00:00","article_modified_time":"2025-04-16T13:59:15+00:00","og_image":[{"url":"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch","type":"","width":"","height":""}],"author":"Forescout Research - Vedere Labs","twitter_card":"summary_large_image","twitter_creator":"@Forescout","twitter_site":"@Forescout","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#article","isPartOf":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/"},"author":{"name":"Forescout Research - Vedere Labs","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984"},"headline":"R4IoT: When Ransomware Meets the Internet of Things","datePublished":"2023-09-27T11:00:28+00:00","dateModified":"2025-04-16T13:59:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/"},"wordCount":1071,"publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage"},"thumbnailUrl":"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch","articleSection":["News &amp; Views","Research &amp; Cyber Alerts"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/","url":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/","name":"R4IoT: When Ransomware Meets the Internet of Things - Forescout","isPartOf":{"@id":"https:\/\/www.forescout.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage"},"image":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage"},"thumbnailUrl":"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch","datePublished":"2023-09-27T11:00:28+00:00","dateModified":"2025-04-16T13:59:15+00:00","description":"Some threat actors are routinely mixing traditional endpoints with unmanaged devices such as VPN appliances, routers, network attached storage (NAS) and building automation devices as part of their attack campaigns. Clearly, it's not enough to detect emerging threats; you must also be able to respond to them.","breadcrumb":{"@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#primaryimage","url":"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch","contentUrl":"https:\/\/fast.wistia.com\/embed\/medias\/l6p1zgfsnu\/swatch"},{"@type":"BreadcrumbList","@id":"https:\/\/www.forescout.com\/blog\/r4iot-when-ransomware-meets-the-internet-of-things\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.forescout.com\/"},{"@type":"ListItem","position":2,"name":"R4IoT: When Ransomware Meets the Internet of Things"}]},{"@type":"WebSite","@id":"https:\/\/www.forescout.com\/#website","url":"https:\/\/www.forescout.com\/","name":"Forescout","description":"","publisher":{"@id":"https:\/\/www.forescout.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.forescout.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.forescout.com\/#organization","name":"Forescout Technologies, Inc.","url":"https:\/\/www.forescout.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","contentUrl":"https:\/\/www.forescout.com\/wp-content\/uploads\/2019\/01\/forescout-logo.svg","width":1,"height":1,"caption":"Forescout Technologies, Inc."},"image":{"@id":"https:\/\/www.forescout.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ForescoutTechnologies","https:\/\/x.com\/Forescout","https:\/\/www.instagram.com\/forescouttechnologies\/","https:\/\/www.linkedin.com\/company\/forescout-technologies","https:\/\/www.youtube.com\/user\/forescout1"]},{"@type":"Person","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/038ef2eda17d37f87d9978fa703ee984","name":"Forescout Research - Vedere Labs","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.forescout.com\/#\/schema\/person\/image\/b4c8db5600adef8fa1a89cc86e15c781","url":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6f43608a91eb86cde1564e21650235d0ed570d1ae0fbd371a265636ed603e70d?s=96&d=mm&r=g","caption":"Forescout Research - Vedere Labs"}}]}},"featured_media_url":false,"is_file":false,"excerpt_manually_set":true,"_links":{"self":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/72119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/users\/124"}],"replies":[{"embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/comments?post=72119"}],"version-history":[{"count":0,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/posts\/72119\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/media?parent=72119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/categories?post=72119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/tags?post=72119"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.forescout.com\/wp-json\/wp\/v2\/coauthors?post=72119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}