Skip to content
zenthic

zenthic

Primary Menu
  • Home
  • Press Release
  • Business
  • Technology
  • Education
  • Health
  • Sports
  • Arts & Entertainment
  • Lifestyle
  • Home
  • Press Release
  • SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk
  • Press Release

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

zenthic 1 year ago 0 comments
SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.

Ransomware attacks typically involve tricking victims into downloading and installing the ransomware, which copies, encrypts and/or deletes critical data on the device, only to be restored upon the ransom payment. Traditionally, the primary target of ransomware has been the victim’s device. However, thanks to the proliferation of the cloud and SaaS services, the device no longer holds the keys to the kingdom. Instead, the browser has become the primary way through which employees conduct work and interact with the internet. In other words, the browser is becoming the new endpoint.

SquareX has been disclosing major browser vulnerabilities like Polymorphic Extensions and Browser Syncjacking, and is now issuing a strong warning on the emergence of browser-native ransomware. SquareX’s founder, Vivek Ramachandran cautions, “With the recent surge in browser-based identity attacks like the one we saw with the Chrome Store OAuth attack, we are beginning to see evidence of the ‘ingredients’ of browser-native ransomwares being used by adversaries. It is only a matter of time before one smart attacker figures out how to put all the pieces together. While EDRs and Anti-Viruses have played an unquestionably vital role in defending against traditional ransomware, the future of ransomware will no longer involve file downloads, making a browser-native solution a necessity to combat browser-native ransomwares.”

Unlike traditional ransomware, browser-native ransomware requires no file download, rendering them completely undetectable by endpoint security solutions. Rather, this attack targets the victim’s digital identity, taking advantage of the widespread shift toward cloud-based enterprise storage and the fact that browser-based authentication is the primary gateway to accessing these resources. In the case studies demonstrated by SquareX, these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

One potential scenario involves social engineering a user into granting a fake productivity tool access to their email, through which it can identify all the SaaS applications the victim is registered with. It can then systematically reset the password of these apps with AI agents, logging the users out on their own and holding enterprise data stored on these applications hostage.

Similarly, the attacker can also target file sharing services like GoogleDrive, Dropbox and OneDrive, using the victim’s identity to copy out and delete all files stored under their account. Critically, attackers can also gain access to all shared drives, including those shared by colleagues, customers and other third parties. This significantly expands the attack surface of browser-native ransomware – where the impact of most traditional ransomware is confined to a single device, all it takes is one employee’s mistake for attackers to gain full access to enterprise wide resources.

As less and less files are being downloaded, it is inevitable for attackers to follow where work and valuable data is being created and stored. As browsers become the new endpoint, it is crucial for enterprises to reconsider their browser security strategy – just as EDRs were critical to defend against file-based ransomware, a browser-native solution with a deep understanding of client-side application layer identity attacks will become essential in combating the next generation of ransomware attacks.

To learn more about this security research, visit https://sqrx.com/browser-native-ransomware

About SquareX:

SquareX‘s industry-first Browser Detection and Response (BDR) solution helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time. In addition to browser ransomware, SquareX also protects against various browser threats including identity attacks, malicious extensions, advanced spearphishing, GenAI DLP and insider threats.

The browser-native ransomware disclosure is part of the Year of Browser Bugs project. Every month, SquareX’s research team releases a major web attack that focuses on architectural limitations of the browser and incumbent security solutions. Previously disclosed attacks include Browser Syncjacking and Polymorphic Extensions.

To learn more about SquareX’s BDR, contact us at founder@sqrx.com. For press enquiries on this disclosure or the Year of Browser Bugs, email us at junice@sqrx.com.

Post navigation

Previous: Animal Rights Groups Slam Sodexo for Neglecting Cage-Free Egg Promise in India
Next: HRTailor Pioneers Online HR Solutions for Startups and MSMEs

Related Stories

GLOBAL TEAM
  • Press Release

GLOBAL TEAM INVITATION-TO-BID OPENS ON 3 JULY AS ABU DHABI T10 FRANCHISE PROCUREMENT ENTERS LANDMARK PHASE

zenthic 3 days ago 0
RY-26-27-Installation-PR
  • Press Release

Rtn. R. Srikanth Installed as 67th President of Rotary Club of Madras South for RY 2026–27

zenthic 6 days ago 0
Entropy
  • Press Release

Karnataka Pickleball Premier League (KPPL) Announces Launch of Season 1

zenthic 6 days ago 0

Useful Links

  • Press Release
  • Business
  • Technology
  • Education
  • Health
  • Sports
  • Arts & Entertainment

Top Highlighted Post

Shipmozo
  • Technology

Shipmozo: India’s Multi-Carrier Shipping Aggregation Platform for eCommerce, D2C, and B2B Freight

zenthic 15 hours ago 0
Global-Biz-Outlook-590x700-1
  • Business

Global Biz Outlook Launches “Most Impactful Visionary Leaders 2026” Featuring Business Leaders Transforming the Future of Leadership, Innovation, and Enterprise

zenthic 2 days ago 0
GLOBAL TEAM
  • Press Release

GLOBAL TEAM INVITATION-TO-BID OPENS ON 3 JULY AS ABU DHABI T10 FRANCHISE PROCUREMENT ENTERS LANDMARK PHASE

zenthic 3 days ago 0
RY-26-27-Installation-PR
  • Press Release

Rtn. R. Srikanth Installed as 67th President of Rotary Club of Madras South for RY 2026–27

zenthic 6 days ago 0
zenthic

Zenthic is your trusted source for expert insights, strategies, and inspiration to help business leaders thrive in today’s fast-paced world. We provide up-to-date analysis of market trends, innovative business practices, and leadership strategies that drive success. Our content empowers professionals to make informed decisions, stay ahead of the competition, and grow their organizations sustainably. With expert commentary and actionable advice, Zenthic is your go-to resource for navigating the complexities of the modern business landscape.

Latest Posts

  • Shipmozo: India’s Multi-Carrier Shipping Aggregation Platform for eCommerce, D2C, and B2B Freight
  • Global Biz Outlook Launches “Most Impactful Visionary Leaders 2026” Featuring Business Leaders Transforming the Future of Leadership, Innovation, and Enterprise
  • GLOBAL TEAM INVITATION-TO-BID OPENS ON 3 JULY AS ABU DHABI T10 FRANCHISE PROCUREMENT ENTERS LANDMARK PHASE
  • Rtn. R. Srikanth Installed as 67th President of Rotary Club of Madras South for RY 2026–27
  • Karnataka Pickleball Premier League (KPPL) Announces Launch of Season 1

Categories

  • Press Release
  • Business
  • Technology
  • Education
  • Health
  • Sports
  • Arts & Entertainment
zenthic Copyright © 2026 All rights reserved. |