Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices

Calvin Brierley; Yuxiang Huang; Yichao Wang; James Pope; George Oikonomou; Budi Arief

Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices

Calvin Brierley, Yuxiang Huang, Yichao Wang, James Pope, George Oikonomou, Budi Arief

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

Abstract

The ``Internet of Things'' (IoT) is a term used to describe smart devices that are capable of connecting to a network. IoT devices can take many forms, such as cameras, televisions, or home assistants, and are often designed to perform specific tasks. While they only require limited processing power to achieve their intended purpose, their connected nature means they are still vulnerable to attack. Most IoT-based malware is designed to infect devices using General Purpose Operating Systems, such as Linux. Malware targeting ``constrained'' IoT devices, which have lower hardware specifications and implement bare-metal firmware or a Real Time Operating System, are significantly less common, as they present a number of challenges that can hinder malware development. In this work, we identify these challenges and assess the viability of implementing functional ransomware that targets constrained IoT devices. We then test our findings by developing a ransomware Proof of Concept capable of locking a target system and spreading throughout a network. Finally, we analyse the ransomware's performance against an intentionally vulnerable testbed to identify the requirements and limitations of -- as well as potential countermeasures against -- ransomware targeting constrained IoT devices.

Original language	English
Title of host publication	2026 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Subtitle of host publication	DIMVA 2026
Publisher	Springer
Publication status	Accepted/In press - 16 Feb 2026
Event	23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment - Chania, Greece Duration: 1 Jul 2026 → 3 Jul 2026 Conference number: 23rd https://www.dimva.org/dimva2026/

Publication series

Name	DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Publisher	Springer
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment
Abbreviated title	DIVMA 2026
Country/Territory	Greece
City	Chania
Period	1/07/26 → 3/07/26
Internet address	https://www.dimva.org/dimva2026/

Research Groups and Themes

Intelligent Systems Laboratory
Communication Systems and Networks

Handle.net

Persistent link

Embargoed Document

Full-text PDF (accepted manuscript)
Accepted author manuscript, 806 KB
Licence: CC BY
Embargo ends: 1/01/99

CHARIOT: Countering HArms caused by Ransomware in the Internet Of Things
Oikonomou, G. (Principal Investigator), Pope, J. (Co-Investigator), Huang, Y. (Researcher) & Li, H. (Researcher)
1/09/23 → 31/08/26
Project: Research

Cite this

Brierley, C., Huang, Y., Wang, Y., Pope, J., Oikonomou, G., & Arief, B. (Accepted/In press). Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices. In 2026 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment: DIMVA 2026 (DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment). Springer.

@inproceedings{856ed3dd2f004ba599ddc6c118d035e2,

title = "Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices",

abstract = "The ``Internet of Things'' (IoT) is a term used to describe smart devices that are capable of connecting to a network. IoT devices can take many forms, such as cameras, televisions, or home assistants, and are often designed to perform specific tasks. While they only require limited processing power to achieve their intended purpose, their connected nature means they are still vulnerable to attack. Most IoT-based malware is designed to infect devices using General Purpose Operating Systems, such as Linux. Malware targeting ``constrained'' IoT devices, which have lower hardware specifications and implement bare-metal firmware or a Real Time Operating System, are significantly less common, as they present a number of challenges that can hinder malware development. In this work, we identify these challenges and assess the viability of implementing functional ransomware that targets constrained IoT devices. We then test our findings by developing a ransomware Proof of Concept capable of locking a target system and spreading throughout a network. Finally, we analyse the ransomware's performance against an intentionally vulnerable testbed to identify the requirements and limitations of -- as well as potential countermeasures against -- ransomware targeting constrained IoT devices.",

author = "Calvin Brierley and Yuxiang Huang and Yichao Wang and James Pope and George Oikonomou and Budi Arief",

year = "2026",

month = feb,

day = "16",

language = "English",

series = "DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment",

publisher = "Springer",

booktitle = "2026 23rd Conference on Detection of Intrusions and Malware \& Vulnerability Assessment",

address = "United States",

note = "23rd Conference on Detection of Intrusions and Malware \& Vulnerability Assessment, DIVMA 2026 ; Conference date: 01-07-2026 Through 03-07-2026",

url = "https://www.dimva.org/dimva2026/",

}

Brierley, C, Huang, Y, Wang, Y, Pope, J , Oikonomou, G & Arief, B 2026, Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices. in 2026 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment: DIMVA 2026. DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Springer, 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment, Chania, Greece, 1/07/26.

Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices. / Brierley, Calvin; Huang, Yuxiang; Wang, Yichao et al.
2026 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment: DIMVA 2026. Springer, 2026. (DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment).

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Turbulence

T2 - 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment

AU - Brierley, Calvin

AU - Huang, Yuxiang

AU - Wang, Yichao

AU - Pope, James

AU - Oikonomou, George

AU - Arief, Budi

N1 - Conference code: 23rd

PY - 2026/2/16

Y1 - 2026/2/16

N2 - The ``Internet of Things'' (IoT) is a term used to describe smart devices that are capable of connecting to a network. IoT devices can take many forms, such as cameras, televisions, or home assistants, and are often designed to perform specific tasks. While they only require limited processing power to achieve their intended purpose, their connected nature means they are still vulnerable to attack. Most IoT-based malware is designed to infect devices using General Purpose Operating Systems, such as Linux. Malware targeting ``constrained'' IoT devices, which have lower hardware specifications and implement bare-metal firmware or a Real Time Operating System, are significantly less common, as they present a number of challenges that can hinder malware development. In this work, we identify these challenges and assess the viability of implementing functional ransomware that targets constrained IoT devices. We then test our findings by developing a ransomware Proof of Concept capable of locking a target system and spreading throughout a network. Finally, we analyse the ransomware's performance against an intentionally vulnerable testbed to identify the requirements and limitations of -- as well as potential countermeasures against -- ransomware targeting constrained IoT devices.

AB - The ``Internet of Things'' (IoT) is a term used to describe smart devices that are capable of connecting to a network. IoT devices can take many forms, such as cameras, televisions, or home assistants, and are often designed to perform specific tasks. While they only require limited processing power to achieve their intended purpose, their connected nature means they are still vulnerable to attack. Most IoT-based malware is designed to infect devices using General Purpose Operating Systems, such as Linux. Malware targeting ``constrained'' IoT devices, which have lower hardware specifications and implement bare-metal firmware or a Real Time Operating System, are significantly less common, as they present a number of challenges that can hinder malware development. In this work, we identify these challenges and assess the viability of implementing functional ransomware that targets constrained IoT devices. We then test our findings by developing a ransomware Proof of Concept capable of locking a target system and spreading throughout a network. Finally, we analyse the ransomware's performance against an intentionally vulnerable testbed to identify the requirements and limitations of -- as well as potential countermeasures against -- ransomware targeting constrained IoT devices.

M3 - Conference Contribution (Conference Proceeding)

T3 - DIMVA: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment

BT - 2026 23rd Conference on Detection of Intrusions and Malware & Vulnerability Assessment

PB - Springer

Y2 - 1 July 2026 through 3 July 2026

ER -

Turbulence: Ransomware Proof of Concept for Resource-Constrained IoT Devices

Abstract

Publication series

Conference

Research Groups and Themes

Handle.net

Embargoed Document

Fingerprint

Projects

CHARIOT: Countering HArms caused by Ransomware in the Internet Of Things

Cite this