New ransomware over browser threat targets uploaded files

Security

20 June 2024

3 min read

Authors

Jennifer Gregory

Cybersecurity Writer

We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files.

What is ransomware over browsers?

Researchers at Florida International University worked with Google to identify a new threat — ransomware over browser, which is malware embedded in a browser. This type of threat is not specific to a certain browser type or version. Because many browsers now contain many advanced functions in addition to letting us surf the web, the tools are now more vulnerable from a cybersecurity perspective. And cyber criminals have started using these vulnerabilities to deploy ransomware into browsers.

When you begin uploading a file using your browser, part of the process is selecting a drive on your network or hard drive. The File System Access API allows browsers to call this API, and then users can select the files to upload within the browser. Cyber criminals embed ransomware into this API so that when you select a file, the ransomware automatically encrypts all the files in the folder that you open — and all its subfolders. After the malware is deployed, you can no longer access these files.

The cyber criminals then demand a ransom payment for you or your company to regain access to the files. In the best scenario, you have a recent backup of the files that you can quickly restore and get back to work. IBM does not recommend making ransomware payments to cyber criminals in exchange for the return of the files because the cyber criminals often take the payment and do not return the files.

Industry newsletter

The latest tech news, backed by expert insights

Thank you! You are subscribed.

Stay up to date on the most important—and intriguing—industry trends on AI, automation, data and beyond with the Think newsletter. See the IBM Privacy Statement.

Your subscription will be delivered in English. You will find an unsubscribe link in every newsletter. You can manage your subscriptions or unsubscribe here. Refer to our IBM Privacy Statement for more information.

Lack of payloads makes detection challenging

As part of the study into ransomware over browsers, the researchers created their own ransomware (named RøB). Through numerous hands-on tests using different browsers and operating systems, the researchers realized what makes this type of threat so challenging and potentially damaging. Antivirus software looks for malicious payloads when scanning for viruses. However, the ransomware in this type of attack is not embedded in the payload, as it runs inside the existing browser.

Because traditional prevention and detection methods do not work, researchers discovered that new methods of defense are needed for browser-based ransomware. The researchers learned that a strategy using the following steps is effective in defending against ransomware over browsers:

  1. Temporarily halt the web application to find encrypted files.
  2. Identify potential ransomware based on monitoring the web application.
  3. Warn users of upload risks through a dialog box.
Mixture of Experts | 14 March, episode 46

Decoding AI: Weekly News Roundup

Join our world-class panel of engineers, researchers, product leaders and more as they cut through the AI noise to bring you the latest in AI news and insights.
Watch the latest podcast episodes

Preventing and reducing browser-based ransomware

According to the 2024 IBM Threat Intelligence Index, the top “action on” objective was deploying ransomware. The index found that 20% of all total cybersecurity incidents were ransomware cases. On a positive note, the index showed an 11% decrease in ransomware attacks.

These tips help to prevent or reduce the damage of a browser-based ransomware attack:

  • Install all browser updates and patches. Cyber criminals often exploit known vulnerabilities. By making sure your browser is the latest version, you can reduce your risk of ransomware on browser attacks.
  • Ensure that all tools used for uploading are legitimate. By making sure you only download browser-based tools (such as photo editors and video players) from legitimate sites, you can reduce the risk of browser-based ransomware attacks.
  • Backup all files and store them in an offsite location. Keep local backups that are archived to removable media, such as tapes, optical disks or removable hard disks, and to cloud-based resources. If you can quickly restore your data, you can get back online quickly without business disruption.
  • If a system is infected, hibernate it and disconnect it from the network immediately. If you reboot or restart an infected system, the attack and damage will become worse. Be sure to notify your IT security staff right away.

As browsers continue to evolve, cyber criminals will develop more elaborate and effective attacks. By staying up to date on the latest techniques and taking precautions, you can reduce your risk of these newest types of attacks.

To learn more about how to reduce the risks of ransomware, read the Definitive Guide to Ransomware from the IBM X-Force team.