Light Dark
June 20, 2024 By Jennifer Gregory 3 min read
News

We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files.

What is ransomware over browsers?

Researchers at Florida International University worked with Google to identify a new threat — ransomware over browser, which is malware embedded in a browser. This type of threat is not specific to a certain browser type or version. Because many browsers now contain many advanced functions in addition to letting us surf the web, the tools are now more vulnerable from a cybersecurity perspective. And cyber criminals have started using these vulnerabilities to deploy ransomware into browsers.

When you begin uploading a file using your browser, part of the process is selecting a drive on your network or hard drive. The File System Access API allows browsers to call this API, and then users can select the files to upload within the browser. Cyber criminals embed ransomware into this API so that when you select a file, the ransomware automatically encrypts all the files in the folder that you open — and all its subfolders. After the malware is deployed, you can no longer access these files.

The cyber criminals then demand a ransom payment for you or your company to regain access to the files. In the best scenario, you have a recent backup of the files that you can quickly restore and get back to work. IBM does not recommend making ransomware payments to cyber criminals in exchange for the return of the files because the cyber criminals often take the payment and do not return the files.

Lack of payloads makes detection challenging

As part of the study into ransomware over browsers, the researchers created their own ransomware (named RøB). Through numerous hands-on tests using different browsers and operating systems, the researchers realized what makes this type of threat so challenging and potentially damaging. Antivirus software looks for malicious payloads when scanning for viruses. However, the ransomware in this type of attack is not embedded in the payload, as it runs inside the existing browser.

Because traditional prevention and detection methods do not work, researchers discovered that new methods of defense are needed for browser-based ransomware. The researchers learned that a strategy using the following steps is effective in defending against ransomware over browsers:

  1. Temporarily halt the web application to find encrypted files.
  2. Identify potential ransomware based on monitoring the web application.
  3. Warn users of upload risks through a dialog box.

Preventing and reducing browser-based ransomware

According to the 2024 IBM Threat Intelligence Index, the top “action on” objective was deploying ransomware. The index found that 20% of all total cybersecurity incidents were ransomware cases. On a positive note, the index showed an 11% decrease in ransomware attacks.

These tips help to prevent or reduce the damage of a browser-based ransomware attack:

  • Install all browser updates and patches. Cyber criminals often exploit known vulnerabilities. By making sure your browser is the latest version, you can reduce your risk of ransomware on browser attacks.
  • Ensure that all tools used for uploading are legitimate. By making sure you only download browser-based tools (such as photo editors and video players) from legitimate sites, you can reduce the risk of browser-based ransomware attacks.
  • Backup all files and store them in an offsite location. Keep local backups that are archived to removable media, such as tapes, optical disks or removable hard disks, and to cloud-based resources. If you can quickly restore your data, you can get back online quickly without business disruption.
  • If a system is infected, hibernate it and disconnect it from the network immediately. If you reboot or restart an infected system, the attack and damage will become worse. Be sure to notify your IT security staff right away.

As browsers continue to evolve, cyber criminals will develop more elaborate and effective attacks. By staying up to date on the latest techniques and taking precautions, you can reduce your risk of these newest types of attacks.

To learn more about how to reduce the risks of ransomware, read the Definitive Guide to Ransomware from the IBM X-Force team.

 |  |  |  | 
Jennifer Gregory
Cybersecurity Writer

More from News
June 27, 2024

A proactive cybersecurity policy is not just smart — it’s essential

3 min read - It’s easy to focus on the “after” when it comes to cybersecurity: How to stop an attack after it begins and how to recover when it's over. But while a reactive response sort of worked in the past, it simply is not good enough in today’s world. Not only are attacks more intense and more damaging than ever before, but cyber criminals also use so many different attack methods. Zscaler ThreatLabz 2024 Phishing Report found that phishing attacks increased by…

June 24, 2024

Poland spending $760 million on cybersecurity after attack

3 min read - Visitors to the Polish Press Agency (PAP) website on May 31 at 2 p.m. Polish time were met with an unusual message. Instead of the typical daily news, the state-run newspaper had supposedly published a story announcing that a partial mobilization, which means calling up specific people to serve in the armed forces, was ordered by Polish Prime Minister Donald Tusk beginning on July 1, 2024. Deputy Prime Minister Krzysztof Gawkowski refuted the claim on X (formerly Twitter). His post…

June 18, 2024

Exploring the 2024 Worldwide Managed Detection and Response Vendor Assessment

3 min read - Research firm IDC recently released its 2024 Worldwide Managed Detection and Response Vendor Assessment, which both highlights leaders in the market and examines the evolution of MDR as a critical component of IT security infrastructure. Here are the key takeaways. The current state of MDR According to the assessment, “the MDR market has evolved extensively over the past couple of years. This should be seen as a positive movement as MDR providers have had to evolve to meet the growing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature