You probably know better than to click on a link that downloads an unknown file to your computer. I've found that file uploads can also cause problems.
Today's web browsers are much more powerful than previous generations of browsers. You can work with data both in your browser and on your computer's local file system. Users can send and receive emails, listen to music, and watch movies within their browser with the click of a button.
Unfortunately, these features make it easy for hackers to find clever ways to exploit your browser and let ransomware lock your files when you think you're just doing normal tasks online. It also means that you can.
I'm a computer scientist who studies cybersecurity. My colleagues and I showed how hackers can access your computer's files through the File System Access application programming interface (API), which allows web applications in modern browsers to interact with the user's local file system.
This threat applies to Google's Chrome and Microsoft's Edge browsers, but not Apple's Safari or Mozilla's Firefox. 65% of browsers used are Chrome and 5% are Edge. As far as I know, there have been no reports of hackers using this method so far.
My colleagues and I, including security researchers at Google, have been in contact with the developers responsible for the File System Access API, who expressed support for our efforts and interest in our approach to defending against these types of attacks. We have also submitted a security report to Microsoft, but have not heard back from them yet.
Double-edged sword
Today's browsers are almost operating systems in and of themselves. They can run software programs and encrypt files. These features, combined with browser access to the host computer's files (cloud, shared folders, external drives, etc.) through the File System Access API, create new opportunities for ransomware.
Imagine you want to edit your photos with a seemingly harmless free online photo editing tool. Uploading photos for editing allows hackers who control malicious editing tools to access the files on your computer via your browser. Hackers will now have access to the folder you uploaded from and all subfolders. The hacker may then encrypt the files in your file system and demand a ransom payment to decrypt them.
Ransomware has become a serious problem. Attacks affect not only individuals but also organizations such as Fortune 500 companies, banks, cloud service providers, cruise lines, threat monitoring services, chip manufacturers, governments, medical centers and hospitals, insurance companies, schools, universities, and even police departments. In 2023, organizations paid attackers more than $1.1 billion in ransomware payments, with 19 ransomware attacks targeting organizations every second.
No wonder ransomware is the biggest arms race between hackers and security experts today. Traditional ransomware runs on your computer after hackers trick you into downloading it.
New defenses against new threats
The team of researchers I lead in the Cyber-Physical Systems Security Laboratory at Florida International University, which includes postdoctoral researcher Abbas Acar and Ph.D. candidate Harun Oz, has been researching this new type of potential ransomware for the past two years in collaboration with Google senior research scientist Güliz Seray Tuncay. Specifically, we have been investigating how powerful web browsers have become in recent years and how hackers are weaponizing them to create new forms of ransomware.
In our paper “RøB: Ransomware on Modern Web Browsers,” presented at the USENIX Security Symposium in August 2023, we showed how easy this emerging ransomware is to design and how damaging it can be. Specifically, we designed and implemented the first browser-based ransomware, called RøB, and analyzed its use with browsers running on three different major operating systems (Windows, Linux, and macOS), five cloud providers, and five antivirus products.
In our evaluation, we found that RøB can encrypt a wide variety of file types. Because RøB runs inside the browser, it does not have a malicious payload that traditional antivirus programs can detect. This means that existing ransomware detection systems face several challenges against this powerful browser-based ransomware.
We proposed three different defensive approaches to mitigate this new type of ransomware. These approaches operate at different levels, such as browser, file system, and user, and complement each other.
The first approach temporarily suspends a web application (a program running in a browser) to detect encrypted user files. The second approach monitors the activity of the web application on the user's computer to identify ransomware-like patterns. The third approach introduces a new permissions dialog box to inform users about the risks and implications of allowing web applications to access their computer's file system.
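The sketch below is an added illustration of how the first two approaches could work together; it is not code from the RøB paper or from any browser. The names `shannonEntropy`, `looksEncrypted`, `WriteMonitor` and `sampleBytes`, the entropy threshold, and the three-files-in-ten-seconds rule are all assumptions chosen for the example.

```javascript
// Added illustration only; not code from the RøB paper or from any browser.

// Shannon entropy of a byte array, in bits per byte (0 to 8).
function shannonEntropy(bytes) {
  if (bytes.length === 0) return 0;
  const counts = new Array(256).fill(0);
  for (const b of bytes) counts[b]++;
  let h = 0;
  for (const c of counts) {
    if (c > 0) h -= (c / bytes.length) * Math.log2(c / bytes.length);
  }
  return h;
}

// An overwrite looks like encryption when the new content is near-random AND
// the file's leading signature bytes were replaced. A photo editor re-saving a
// JPEG also writes high-entropy data, but it keeps the JPEG signature.
function looksEncrypted(before, after, threshold = 7.5, sigLen = 2) {
  const sigChanged = before.slice(0, sigLen).some((b, i) => b !== after[i]);
  return sigChanged && shannonEntropy(after) >= threshold;
}

// Tracks suspicious overwrites by one web application and asks for it to be
// suspended once several distinct files are hit inside a short time window.
class WriteMonitor {
  constructor(maxFiles = 3, windowMs = 10000) {
    this.maxFiles = maxFiles;
    this.windowMs = windowMs;
    this.events = [];
  }
  onWrite(path, before, after, timeMs) {
    if (!looksEncrypted(before, after)) return "allow";
    this.events = this.events.filter((e) => timeMs - e.timeMs <= this.windowMs);
    this.events.push({ path, timeMs });
    const files = new Set(this.events.map((e) => e.path));
    return files.size >= this.maxFiles ? "suspend" : "allow";
  }
}

// Constructed sample data: deterministic pseudo-random bytes, optional header.
function sampleBytes(n, seed, header = []) {
  const out = new Uint8Array(n);
  let s = seed >>> 0;
  for (let i = 0; i < n; i++) {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    out[i] = s >>> 24;
  }
  out.set(header, 0);
  return out;
}
```

The signature check is what keeps a legitimate photo editor from being flagged: its output is high-entropy too, so entropy alone would produce false positives on compressed formats.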
If you want to protect your computer, also be careful where you upload and download files. Your uploads may allow hackers to “break into” your computer.