Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files

You probably know better than to click on links that download unknown files to your computer. It turns out that uploading files can also cause problems.

Today's web browsers are much more powerful than previous browser generations. They are able to manipulate data both within the browser and in the computer's local file system. Users can send and receive emails, listen to music, or watch a movie in a browser with the click of a button.

Unfortunately, these capabilities also mean that hackers can find clever ways to abuse browsers to trick you into having your files locked by ransomware when you think you're just doing your usual tasks online.

I'm a computer scientist who studies cybersecurity. My colleagues and I have shown how hackers can gain access to your computer's files via the File System Access application programming interface (API), which allows web applications in modern browsers to interact with users' local file systems.

The threat affects Google's Chrome and Microsoft's Edge browsers, but not Apple's Safari or Mozilla's Firefox. Chrome accounts for 65% of browsers used, and Edge accounts for 5%. As far as I know, there have been no reports of hackers using this method.

My colleagues, including a Google security researcher, and I communicated with the developers responsible for the File System Access API, and they have expressed their support for our work and interest in our approaches to mitigating these kinds of attacks. We have also filed a security report with Microsoft but haven't heard from them yet.

Double-edged sword

Today's browsers are almost independent operating systems. You can run software programs and encrypt files. These capabilities, combined with the browser's access to the host computer's files – including files in the cloud, shared folders and external drives – via the File System Access API, create a new opportunity for ransomware.

Imagine you want to edit photos using a harmless-looking free online photo editing tool. When you upload the photos for editing, any hackers who control the malicious editing tool can access the files on your computer through your browser. The hackers gain access to the folder you upload from and all subfolders. Then the hackers could encrypt the files in your file system and demand a ransom payment to decrypt them.

Today's web browsers are more powerful – and in some ways more vulnerable – than their predecessors.

Ransomware is a growing problem. Attacks have hit both individuals and organizations, including Fortune 500 corporations, banks, cloud service providers, cruise lines, threat monitoring services, chip manufacturers, governments, medical centers and hospitals, insurance firms, schools, universities and even police departments. In 2023, organizations paid more than $1.1 billion in ransomware payments to attackers, and 19 ransomware attacks targeted organizations per second.

It's no wonder ransomware is the No. 1 arms race today between hackers and security specialists. Traditional ransomware runs on your computer after hackers trick you into downloading it.

New defenses for a new threat

A team of researchers that I led at the Cyber-Physical Systems Security Laboratory at Florida International University, including postdoctoral fellow Abbas Acar and Ph.D. candidate Harun Oz, in collaboration with Google Senior Research Scientist Guliz Seray Tuncay, has been investigating this new type of potential ransomware for two years. In particular, we examined how powerful modern web browsers have become and how they could be weaponized by hackers to develop novel types of ransomware.

In our work, RøB: Ransomware via modern web browsers, which was presented at the USENIX Security Symposium in August 2023, we showed how easy this new ransomware variant is to develop and how harmful it can be. Specifically, we designed and implemented the first browser-based ransomware, called RøB, and analyzed its use with browsers running on three different major operating systems – Windows, Linux and macOS – five cloud providers and five antivirus products.

Our evaluations showed that RøB is capable of encrypting numerous file types. Because RøB runs within the browser, there are no malicious payloads that a traditional antivirus program could catch. This means that existing ransomware detection systems face several issues against this powerful browser-based ransomware.

We have proposed three different defense approaches to contain this new type of ransomware. These approaches operate at different levels – browser, file system and user – and complement one another.

The first approach involves temporarily pausing a web application – a program running within the browser – to detect encrypted user files. The second approach monitors web application activity on the user's computer to identify ransomware-like patterns. The third approach introduces a new permissions dialog to inform users of the risks and implications of allowing web applications to access their computer's file system.
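To make the first two approaches concrete, here is an added sketch that is not code from the RøB paper or from this article: it uses a byte-entropy heuristic, which is an assumption chosen for illustration, to spot overwrites that turn readable content into near-random data, and flags a web origin that produces several of them in a short window. The function names, thresholds, event format and sample data are all constructed.

```javascript
// Shannon entropy in bits per byte: roughly 4-5 for text, close to 8 for ciphertext.
function shannonEntropy(bytes) {
  if (bytes.length === 0) return 0;
  const counts = new Array(256).fill(0);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c > 0) h -= (c / bytes.length) * Math.log2(c / bytes.length);
  }
  return h;
}

// One overwrite is suspicious when readable content becomes near-random.
function looksEncrypted(before, after, high = 7.5, jump = 1.0) {
  const ha = shannonEntropy(after);
  return ha >= high && ha - shannonEntropy(before) >= jump;
}

// Flag an origin once it makes `threshold` suspicious overwrites within `windowMs`.
function flagOrigins(events, windowMs = 10000, threshold = 3) {
  const recent = new Map(); // origin -> times of its recent suspicious writes
  const flagged = new Set();
  for (const e of events) {
    if (!looksEncrypted(e.before, e.after)) continue;
    const times = (recent.get(e.origin) || []).filter((t) => e.time - t <= windowMs);
    times.push(e.time);
    recent.set(e.origin, times);
    if (times.length >= threshold) flagged.add(e.origin);
  }
  return [...flagged];
}

// Constructed stand-in for ciphertext: deterministic xorshift32 output bytes.
function pseudoCiphertext(n, seed) {
  const out = new Uint8Array(n);
  let x = seed >>> 0;
  for (let i = 0; i < n; i++) {
    x ^= x << 13; x ^= x >>> 17; x ^= x << 5; x >>>= 0;
    out[i] = (x >>> 16) & 0xff;
  }
  return out;
}
// Constructed write events: one ordinary edit, then three encrypting overwrites.
const text = new TextEncoder().encode("Quarterly report draft, section 2. ".repeat(100));
const edited = new TextEncoder().encode("Quarterly report FINAL, section 2. ".repeat(100));
const sampleEvents = [{ origin: "https://editor.example", time: 0, before: text, after: edited }];
for (const [i, t] of [100, 200, 300].entries()) {
  sampleEvents.push({ origin: "https://photo-tool.example", time: t,
    before: text, after: pseudoCiphertext(4096, i + 1) });
}
console.log(flagOrigins(sampleEvents));
```

Files that are already compressed, such as JPEG or ZIP, start out near 8 bits per byte, so the entropy jump alone will not catch their encryption; a real monitor would need additional signals such as file-format checks.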

When it comes to protecting your computer, be careful where you upload and download files. Your uploads could give hackers access to your computer.

image credit : theconversation.com