A Novel Framework for Studying the Business Impact of Ransomware on Connected Vehicles

Abstract

Connected vehicle technology is rapidly evolving. In the U.S. the government targets that 50% of all vehicles be electric by 2030 in order to reduce climate change. This initiative comes in the wake of an increased spate of ransomware attacks targeting transportation companies. Unlike traditional ransomware targeting computer networks, the compromise of vehicles can have disastrous consequences on businesses and ultimately the national economy as was evident in the recent Colonial pipeline attack. This research proposes a novel framework to study the spread of ransomware and its impact on connected vehicles. Our contribution is fourfold: (1) Three different ransomware infection vectors are considered for connected vehicles namely a hotspot attack, OBD dongle attack and malicious OTA updates. (2) Business impact of the ransomware is analyzed on a ride-hailing service. (3) A fog computing architecture is used to reduce latency in vehicle-to-vehicle communication and vehicle to base station communication. (4) The effectiveness of safeguard controls is studied in mitigating the ransomware spread. Our results show that ransomware can have a debilitating impact on connected vehicle businesses due to their high mobility and connectivity with attacks on average impacting earnings by 45% per hour.