

A new report out today from cybersecurity company SquareX Inc. is warning of a dangerous new evolution in ransomware: browser-native attacks that bypass traditional defenses and put millions of users at risk.
Unlike traditional ransomware, which relies on downloaded files to infect systems, browser-based ransomware operates entirely within the browser and requires no download. Instead, the attack targets the victim’s digital identity, taking advantage of the shift toward cloud-based enterprise storage and the fact that browser-based authentication has become the primary gateway to accessing these resources.
According to a case study published by SquareX last week, the attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and intervention from the attacker.
One potential scenario involves social-engineering users into granting a fake productivity tool access to their email, through which it can identify all the software-as-a-service applications the victims are registered with. Having gained access, the attacker can then systematically reset the passwords of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage.
An attacker could also target file-sharing services like Google Drive, Dropbox and OneDrive, using the victim’s identity to copy out and delete all files stored under their account. That level of access also opens a new door to potentially more victims, as attackers can also gain access to all shared drives.
That includes those shared by colleagues, customers and other third parties, expanding the attack surface of browser-native ransomware. Whereas the impact of most traditional ransomware is confined to a single device, SquareX argues, all it takes is one employee’s mistake for attackers to gain full access to enterprise-wide resources.
“With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomware being used by adversaries,” explained SquareX founder Vivek Ramachandran. “It is only a matter of time before one smart attacker figures out how to put all the pieces together. While endpoint detection and response and anti-viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomware.”
SquareX advises that as browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy. Just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks.