Ransomware turns innovative and hides in websites where files are being uploaded

    In recent times, the landscape of malware attacks has evolved beyond the traditional encryption tactics followed by ransom demands. A new breed of ransomware has emerged, distinct in its approach – it locks users from uploading files to websites.

    Researchers at FIU Cybersecurity have conducted an extensive analysis, revealing a troubling trend: certain websites are enticing users to grant access to their files, only to deploy ransomware payloads upon permission.

    Commonly frequented platforms like tax estimation websites, photo editors, and movie streaming services often request access to user media. However, once granted, these platforms hijack control over the content and demand hefty sums for access.

    The FIU College of Engineering and Computing’s study highlights that attackers are demanding cryptocurrency in exchange for decryption keys. This ransomware variant is adaptable, capable of operating across Linux, Windows, and Mac OS platforms. Moreover, it can infiltrate popular cloud storage services such as Google Drive, OneDrive, Dropbox, Apple Cloud, and BOX.

    One notable aspect of these attacks is the manner in which the payload is triggered – typically initiated when users click “YES” on a pop-up prompt. Due to browsers’ inherent file access permissions, antivirus solutions often fail to flag such activities, rendering users vulnerable.

    It is imperative to exercise caution when granting permissions to browser-enabled activities, as they can unwittingly facilitate malware payload downloads onto websites.

    According to the Microsoft Threat Intelligence Tax Season report, threat actors are continually innovating, deploying tactics designed to deceive users into divulging sensitive information or making payments to fraudulent services. During tax season, hackers exploit this period by creating fake websites to trick users into surrendering their credentials, setting them up for future exploitation.

    To mitigate risks, users should avoid clicking on email links from unknown senders, as they could be phishing attempts. Furthermore, refrain from disclosing sensitive information on suspicious web pages lacking HTTPS protocol. Always access services and products through URLs obtained from official sources. Lastly, exercise caution when downloading attachments from unfamiliar email or SMS senders, as they could contain malicious content.

    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display