What is Doxware?
Ransomware is a major security threat which affects individuals, businesses, and governments. Over the past few years, researchers have noticed an increase in a new type of ransomware: doxware.
In this short article, we’ll introduce you to doxware — and tell you what you need to know in order to stay safe.
What is ransomware?
Ransomware is malicious software that infects a computer or computer network, causes some adverse effect, and then demands a “ransom” payment in order to undo the damage. This typically means denying the victim access to their data, either by locking their system or by encrypting their files, and then asking for money in the form of cryptocurrency.
What is doxware?
Doxware is ransomware which extorts victims by threatening to release sensitive information if a ransom is not paid. The name comes from the word “doxing”, sometimes spelled “doxxing”, which refers to the act of publishing someone’s personal information online (the term “dox” itself is a reference to “documents”). Doxware, then, is “doxing ransomware”.
How does doxware work?
Doxware is similar to traditional ransomware in that it must first find a way to infect a target network or computer. This is typically accomplished through phishing emails which link to malicious websites or contain malicious attachments, or by creating a website which contains code capable of exploiting unpatched security vulnerabilities on a site visitor’s system.
Once activated, doxware behaves similarly to other types of ransomware, encrypting files and presenting its demands to the victim. But the difference is that in addition to file encryption, doxware also steals sensitive files and sends copies back to whoever controls the malware. The hackers are thus able to make a twofold threat: Pay us the ransom if you want your files back, and if you don’t, not only will you not recover your files, but we’ll publish your private information online.
For home users, this can mean the publication of personal photos, emails, or financial information, exposing them to embarrassment and possible identity theft. For organizations, this can mean the exposure of customer records, confidential files, or intellectual property, all of which can have serious financial and legal ramifications.
How can doxware attacks be prevented?
Most of the security advice for traditional ransomware also applies to doxware. To protect yourself against doxware:
Learn how to avoid infection
The best way to prevent doxware incidents is to keep yourself from being infected in the first place, and this means becoming aware of the most common ransomware delivery vectors and knowing how to avoid them. Learn how to spot phishing attacks, and never download attachments or programs from untrusted senders or websites. In general, be very careful about the kinds of websites you visit, and avoid high-risk websites altogether: Filesharing and piracy sites, for example, are notorious for containing malicious code. Lastly, for businesses and organizations, implement regular phishing awareness training and knowledge assessments for employees.
Update software regularly
Unpatched browsers, apps, and OSes can all lead to a doxware infection if a user visits a compromised website. This is why it’s crucial that you always keep your system and software up to date. If you work in an enterprise setting and your IT department is stretched thin, look into the possibility of managed updates handled by a third-party provider in order to make sure that everything is patched in a timely fashion.
Back up your data
CMake sure all sensitive data is backed up regularly, and make sure your backup solution provides some type of malicious code scanning, as ransomware variants have been known to lie dormant as a way of sneaking into backup files. If the worst happens and you do suffer a ransomware attack, a recent backup can allow you to wipe and restore your systems with minimal data loss — a fact which eliminates much of the power that the hackers have over you.
Encrypt sensitive data
Consider using an at-rest encryption solution to protect your sensitive data. Doxware is only a threat if the hackers can actually get their hands on sensitive information. But if your files are encrypted at rest, it will be more difficult for malicious software to identify which files are important enough to steal, and may be sufficient to ensure that any data exfiltrated by hackers is unreadable. Of course it goes without saying that if you go this route, the decryption keys themselves must be kept securely: Never, for example, store keys in plain text on the same system they’re supposed to be protecting!
Use a reputable AV product
A good anti-malware tool will be able to spot many common doxware variants and stop potential infections in their tracks. Choose a product that is well-reviewed and well-maintained in order to protect yourself from newer threats, which can sometimes be missed by software whose malware definitions are infrequently updated. Remember that these tools can only protect you if they’re used regularly and kept updated, so enable automatic updates and schedule routine system scans.
By following these steps, you’ll be able to lessen the chance of a successful doxware attack, and mitigate the damage if one does happen. If you want to learn more about this topic, check out these past Checklist podcasts on the rise of ransomware and what to do if you encounter a ransomware attack in progress.