June 20, 2024 By Jennifer Gregory 3 min read

We all have a mental checklist of things not to do while online: click on unknown links, use public networks and randomly download files sent over email. In the past, most ransomware was deployed on your network or computer when you downloaded a file that contained malware. But now it’s time to add a new item to our high-risk activity checklist: use caution when uploading files.

What is ransomware over browsers?

Researchers at Florida International University worked with Google to identify a new threat — ransomware over browser, which is malware embedded in a browser. This type of threat is not specific to a certain browser type or version. Because many browsers now contain many advanced functions in addition to letting us surf the web, the tools are now more vulnerable from a cybersecurity perspective. And cyber criminals have started using these vulnerabilities to deploy ransomware into browsers.

When you begin uploading a file using your browser, part of the process is selecting a drive on your network or hard drive. The File System Access API allows browsers to call this API, and then users can select the files to upload within the browser. Cyber criminals embed ransomware into this API so that when you select a file, the ransomware automatically encrypts all the files in the folder that you open — and all its subfolders. After the malware is deployed, you can no longer access these files.

The cyber criminals then demand a ransom payment for you or your company to regain access to the files. In the best scenario, you have a recent backup of the files that you can quickly restore and get back to work. IBM does not recommend making ransomware payments to cyber criminals in exchange for the return of the files because the cyber criminals often take the payment and do not return the files.

Lack of payloads makes detection challenging

As part of the study into ransomware over browsers, the researchers created their own ransomware (named RøB). Through numerous hands-on tests using different browsers and operating systems, the researchers realized what makes this type of threat so challenging and potentially damaging. Antivirus software looks for malicious payloads when scanning for viruses. However, the ransomware in this type of attack is not embedded in the payload, as it runs inside the existing browser.

Because traditional prevention and detection methods do not work, researchers discovered that new methods of defense are needed for browser-based ransomware. The researchers learned that a strategy using the following steps is effective in defending against ransomware over browsers:

  1. Temporarily halt the web application to find encrypted files.
  2. Identify potential ransomware based on monitoring the web application.
  3. Warn users of upload risks through a dialog box.

Preventing and reducing browser-based ransomware

According to the 2024 IBM Threat Intelligence Index, the top “action on” objective was deploying ransomware. The index found that 20% of all total cybersecurity incidents were ransomware cases. On a positive note, the index showed an 11% decrease in ransomware attacks.

These tips help to prevent or reduce the damage of a browser-based ransomware attack:

  • Install all browser updates and patches. Cyber criminals often exploit known vulnerabilities. By making sure your browser is the latest version, you can reduce your risk of ransomware on browser attacks.
  • Ensure that all tools used for uploading are legitimate. By making sure you only download browser-based tools (such as photo editors and video players) from legitimate sites, you can reduce the risk of browser-based ransomware attacks.
  • Backup all files and store them in an offsite location. Keep local backups that are archived to removable media, such as tapes, optical disks or removable hard disks, and to cloud-based resources. If you can quickly restore your data, you can get back online quickly without business disruption.
  • If a system is infected, hibernate it and disconnect it from the network immediately. If you reboot or restart an infected system, the attack and damage will become worse. Be sure to notify your IT security staff right away.

As browsers continue to evolve, cyber criminals will develop more elaborate and effective attacks. By staying up to date on the latest techniques and taking precautions, you can reduce your risk of these newest types of attacks.

To learn more about how to reduce the risks of ransomware, read the Definitive Guide to Ransomware from the IBM X-Force team.

More from News

Hackers are increasingly targeting auto dealers

3 min read - Update as of July 11, 2024 In late June, more than 15,000 car dealerships across North America were affected by a cyberattack on CDK Global, which provides software to car dealers. After two cyberattacks over two days, CDK shut down all systems, which caused delays for car buyers and disruptions for the dealerships. Many dealerships went back to manual processes, including handwriting up orders, so that sales could continue at a slower pace. Car buyers who recently bought a car from…

CISA director says banning ransomware payments is off the table

3 min read - The FBI, CISA and NSA all strongly advise against organizations making ransomware payments if they fall victim to ransomware attacks. If so, why not place a ban on paying ransomware demands? The topic came up at a recent Oxford Cyber Forum. Jen Easterly, Director of CISA, commented on the issue, saying, “I think within our system in the U.S. — just from a practical perspective — I don’t see it happening.” It’s unlikely this was a purely spontaneous remark as the…

A proactive cybersecurity policy is not just smart — it’s essential

3 min read - It’s easy to focus on the “after” when it comes to cybersecurity: How to stop an attack after it begins and how to recover when it's over. But while a reactive response sort of worked in the past, it simply is not good enough in today’s world. Not only are attacks more intense and more damaging than ever before, but cyber criminals also use so many different attack methods. Zscaler ThreatLabz 2024 Phishing Report found that phishing attacks increased by…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today