Light Dark
June 20, 2024 By Jennifer Gregory 3 min read
News

We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files.

What is ransomware over browsers?

Researchers at Florida International University worked with Google to identify a new threat — ransomware over browser, which is malware embedded in a browser. This type of threat is not specific to a certain browser type or version. Because many browsers now contain many advanced functions in addition to letting us surf the web, the tools are now more vulnerable from a cybersecurity perspective. And cyber criminals have started using these vulnerabilities to deploy ransomware into browsers.

When you begin uploading a file using your browser, part of the process is selecting a drive on your network or hard drive. The File System Access API allows browsers to call this API, and then users can select the files to upload within the browser. Cyber criminals embed ransomware into this API so that when you select a file, the ransomware automatically encrypts all the files in the folder that you open — and all its subfolders. After the malware is deployed, you can no longer access these files.

The cyber criminals then demand a ransom payment for you or your company to regain access to the files. In the best scenario, you have a recent backup of the files that you can quickly restore and get back to work. IBM does not recommend making ransomware payments to cyber criminals in exchange for the return of the files because the cyber criminals often take the payment and do not return the files.

Lack of payloads makes detection challenging

As part of the study into ransomware over browsers, the researchers created their own ransomware (named RøB). Through numerous hands-on tests using different browsers and operating systems, the researchers realized what makes this type of threat so challenging and potentially damaging. Antivirus software looks for malicious payloads when scanning for viruses. However, the ransomware in this type of attack is not embedded in the payload, as it runs inside the existing browser.

Because traditional prevention and detection methods do not work, researchers discovered that new methods of defense are needed for browser-based ransomware. The researchers learned that a strategy using the following steps is effective in defending against ransomware over browsers:

  1. Temporarily halt the web application to find encrypted files.
  2. Identify potential ransomware based on monitoring the web application.
  3. Warn users of upload risks through a dialog box.

Preventing and reducing browser-based ransomware

According to the 2024 IBM Threat Intelligence Index, the top “action on” objective was deploying ransomware. The index found that 20% of all total cybersecurity incidents were ransomware cases. On a positive note, the index showed an 11% decrease in ransomware attacks.

These tips help to prevent or reduce the damage of a browser-based ransomware attack:

  • Install all browser updates and patches. Cyber criminals often exploit known vulnerabilities. By making sure your browser is the latest version, you can reduce your risk of ransomware on browser attacks.
  • Ensure that all tools used for uploading are legitimate. By making sure you only download browser-based tools (such as photo editors and video players) from legitimate sites, you can reduce the risk of browser-based ransomware attacks.
  • Backup all files and store them in an offsite location. Keep local backups that are archived to removable media, such as tapes, optical disks or removable hard disks, and to cloud-based resources. If you can quickly restore your data, you can get back online quickly without business disruption.
  • If a system is infected, hibernate it and disconnect it from the network immediately. If you reboot or restart an infected system, the attack and damage will become worse. Be sure to notify your IT security staff right away.

As browsers continue to evolve, cyber criminals will develop more elaborate and effective attacks. By staying up to date on the latest techniques and taking precautions, you can reduce your risk of these newest types of attacks.

To learn more about how to reduce the risks of ransomware, read the Definitive Guide to Ransomware from the IBM X-Force team.

 |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
November 18, 2024

Research finds 56% increase in active ransomware groups

4 min read - Any good news is welcomed when evaluating cyber crime trends year-over-year. Over the last two years, IBM’s Threat Index Reports have provided some minor reprieve in this area by showing a gradual decline in the prevalence of ransomware attacks — now accounting for only 17% of all cybersecurity incidents compared to 21% in 2021. Unfortunately, it’s too early to know if this trendline will continue. A recent report released by Searchlight Cyber shows that there has been a 56% increase in…

November 4, 2024

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

October 28, 2024

CISA and FBI release secure by design alert on cross-site scripting 

3 min read - CISA and the FBI are increasingly focusing on proactive cybersecurity and cyber resilience measures. Conjointly, the agencies recently released a new Secure by Design alert aimed at eliminating cross-site Scripting (XSS) vulnerabilities, which have long been exploited to compromise both data and user trust. Cross-site scripting vulnerabilities occur when a web application improperly handles user input, allowing attackers to inject malicious scripts into web pages that are then executed by unsuspecting users. These vulnerabilities are dangerous because they don't attack…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature