Like ransomware, doxware encrypts files, but also involves purloining copies

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter’s approach.

As if ransomware wasn’t bad enough, there is a new twist called doxware. The term “doxware” is a combination of doxing (posting hacked personal information online) and ransomware. Attackers notify victims that their sensitive, confidential or personal files will be released online. If contact lists are also stolen, the perpetrators may threaten to release information to the lists or send them links to the online content.

Doxware and ransomware share some similarities. They both encrypt the victim’s files, both include a demand for payment, and both attacks are highly automated. However, in a ransomware attack, files do not have to be removed from the target; encrypting the files is sufficient. A doxware attack is meaningless unless the files are uploaded to the attacker’s system. Uploading all of the victim’s files is unwieldy, so doxware attacks tend to be more focused, prioritizing files that include trigger words such as confidential, privileged communication, sensitive or private.

Although doxware attacks are likely to increase, this type of extortionware has its shortcomings:

Doxware attacks tend to involve relatively small amounts of data. Most attackers do not have the resources to store millions of files, and the act of uploading a massive volume of files increases the risk of detection.

Criminals want to maximize their return on investment, and doxware attacks are more costly to implement. For a doxware attack to be financially rewarding, attackers must research potential victims to determine whether the stolen data will have sufficient value. They must also have a plan for publishing the data if the victim chooses not to pay.

Criminals potentially face increased risks for doxware attacks.
Attackers need the infrastructure to host the stolen files and to release them online. This infrastructure could make tracing them easier.

Shortcomings aside, security analysts agree that doxware attacks are likely to increase over the next two years. So far the attacks have targeted businesses and high-profile individuals rather than the general public. However, that could change if attackers find ways to target smartphones or IoT devices. One of the earliest doxware attacks, Ransoc, informed victims that files violating intellectual property rights or files containing child pornography were present on their computers; unless the victim remitted a payment, the authorities would be notified and the victim would be incarcerated. With access to more devices, attackers could refine doxware attacks that make it cost-effective to target individuals on a massive scale.

Protecting against doxware attacks

Businesses that suffer a doxware attack often feel there is no alternative but to pay the ransom. However, even making the payment does not always end the attack. If the attackers find information that is particularly valuable or embarrassing, additional demands may be made. Furthermore, there is no guarantee the criminals will not publish the files even after a company meets all of the payment demands. The purloined data remains an ongoing threat; victims cannot confirm that stolen files have been erased. Therefore, the best method of dealing with an attack is to prevent it.

The following tips can help protect against doxware attacks:

Most doxware attacks begin with a phishing attack. Educate users on how to deal with phishing attempts, such as not opening email attachments from unknown sources and not clicking on links contained in emails.

Do not store sensitive data on a hard drive; if that is impossible, try to spread the data over multiple servers.

Encrypt files while they are at rest, and make sure that sensitive files are always encrypted.
Keep anti-malware software updated; new threats are constantly emerging.

Educate users on malvertising and the types of sites that are common sources of malware-infected ads. These include adult websites, Facebook, Skype and “pirate” sites hosting illegal copies of movies and television shows.

Although an offsite backup will not prevent a doxware attack, it is still important to have. Even if the attacker provides the decryption key after the ransom has been paid, there is no guarantee that the decrypted files will not be irretrievably corrupted.

Doxware attacks are far less common than traditional ransomware attacks, but as any security professional knows, when criminals have the opportunity to make an easy profit, they will take advantage of the opportunity. As Mr. Robot once said, “We’re at war.” Doxware is simply another insidious weapon in a cybercriminal’s arsenal.

If you are concerned about advanced malware attacks, consider building an incident response plan and automating security operations. Automation and collaboration can help reduce ad hoc activities and streamline operations during a crisis. In addition, using automation can help reduce the MTTR and reduce exposure time.
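The article points out that a doxware attack, unlike plain ransomware, has to move the victim's files out to the attacker's infrastructure, and that uploading a large volume of files raises the attacker's risk of detection. The following added example (not code from the article or its vendor) shows the simplest form of that defender-side check: a per-host outbound-volume baseline run over proxy or firewall log lines. The log lines, host names, destination address and field layout are all constructed for the example and are assumptions, not a real log format.

```python
"""Flag hosts whose outbound byte volume spikes far above their own baseline.

Added example. The log format "<date> <hour> <host> <bytes_out> <destination>"
and every line in SAMPLE_LOG are constructed for illustration; adapt parse_log()
to whatever your proxy or firewall actually emits.
"""
from collections import defaultdict
from statistics import median

# Constructed sample: a finance workstation with a normal daytime profile that
# suddenly pushes 3.5 GB to an outside address at 02:00, a backup server whose
# large hourly volume is normal for it, and an HR workstation with a small bump.
SAMPLE_LOG = """\
# date       hour host          bytes_out   destination
2024-05-01   09   ws-finance-07 1200000     mail.example-corp.invalid
2024-05-01   10   ws-finance-07 950000      crm.example-corp.invalid
2024-05-01   11   ws-finance-07 1400000     mail.example-corp.invalid
2024-05-01   12   ws-finance-07 1100000     crm.example-corp.invalid
2024-05-01   13   ws-finance-07 1300000     mail.example-corp.invalid
2024-05-02   02   ws-finance-07 3500000000  203.0.113.45
2024-05-01   09   fs-backup-01  50000000000 backup.example-corp.invalid
2024-05-01   10   fs-backup-01  50000000000 backup.example-corp.invalid
2024-05-01   11   fs-backup-01  50000000000 backup.example-corp.invalid
2024-05-01   12   fs-backup-01  50000000000 backup.example-corp.invalid
2024-05-01   09   ws-hr-03      300000      mail.example-corp.invalid
2024-05-01   10   ws-hr-03      250000      mail.example-corp.invalid
2024-05-01   11   ws-hr-03      2800000     crm.example-corp.invalid
"""


def parse_log(text):
    """Parse whitespace-separated log lines into (hour_key, host, bytes, dest)."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        date, hour, host, nbytes, dest = line.split()
        events.append((f"{date} {hour}", host, int(nbytes), dest))
    return events


def hourly_totals(events):
    """host -> hour_key -> destination -> bytes sent in that hour."""
    totals = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for hour_key, host, nbytes, dest in events:
        totals[host][hour_key][dest] += nbytes
    return totals


def find_egress_spikes(events, factor=10.0, floor_bytes=200_000_000):
    """Return one alert per host-hour whose outbound bytes exceed both an
    absolute floor and `factor` times that host's own median hourly volume.

    Using the host's own median keeps a legitimately chatty backup server from
    alerting, while the floor keeps a near-idle workstation that merely doubles
    its tiny traffic from alerting either.
    """
    alerts = []
    for host, hours in hourly_totals(events).items():
        hour_volume = {h: sum(dests.values()) for h, dests in hours.items()}
        baseline = median(hour_volume.values())
        for hour_key in sorted(hour_volume):
            volume = hour_volume[hour_key]
            if volume >= floor_bytes and volume > factor * baseline:
                top_dest = max(hours[hour_key], key=hours[hour_key].get)
                alerts.append({
                    "host": host,
                    "hour": hour_key,
                    "bytes_out": volume,
                    "baseline": baseline,
                    "top_destination": top_dest,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_egress_spikes(parse_log(SAMPLE_LOG)):
        print(f"{alert['host']} {alert['hour']}: {alert['bytes_out']} bytes out "
              f"(median {alert['baseline']:.0f}), mostly to {alert['top_destination']}")
```

Only the finance workstation's 02:00 transfer is reported; the backup server's 50 GB hours sit at its own baseline and the HR workstation's bump stays under the absolute floor. In practice the baseline should be computed from a longer history than the hour being judged, and the alert is a prompt to look at the destination and the process that opened the connection, not a verdict on its own.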