Doxware is an emerging and significant threat to data privacy, troubling individuals as well as enterprises.
However, the concept itself has been around for quite some time. Recent ransomware attacks also termed ‘dox’ threaten to expose confidential information to the public by publishing it online, such as the ‘Epic’ crypt.
One variant that has highlighted the threat is locker ransomware. It menaces individuals by making personal and confidential data public rather than permanently deleting it beyond recovery.
Doxware is extortion-ware: code capable of encrypting a victim’s data and holding it captive. Ransomware and extortion-ware are similar in that both are malware variants that hold data hostage, with the added risk of public data exposure. Fundamentally and mechanically, both are the same.
Difference between Doxware and Ransomware
The line between the two is blurry, and the terms are sometimes used interchangeably; the difference shows in the final steps. Ransomware holds files for ransom, rendering them useless unless they are restored.
Doxware, on the other hand, comes with the unambiguous threat of making some of the files public.
For example, the popular Netflix web series ‘Orange is the New Black’ was released by ‘TheDarkOverlord.’
Furthermore, most ransomware targets an entire hard drive, while doxware targets private and sensitive data that the owner would never want broadcast, e.g., PIN numbers and bank account details.
In civil terms, ransomware is robbery while doxware is blackmail, both falling under the umbrella term extortion-ware.
In enterprise security terms, the doxware threat could make matters worse, because it defeats backup and recovery, one of the best defense mechanisms against ransomware attacks. Consider as an example the phishing attack on Hillary Clinton’s campaign, which exposed private e-mails and documents online to the public.
What Is Doxing in Detail? How Does It Relate to Malware?
To understand doxware in its entirety, you first have to understand ‘doxing.’ The term is derived from ‘documents,’ the paper trail used to find and reveal someone’s identity online. The process of identifying those documents and releasing them online, to embarrass the target or reveal their identity, is called doxing.
It can be personal, tying public figures to their dubious habits by revealing personal information such as e-mails or photos. Releasing sensitive data such as bank account or social security numbers is a cybercrime outright. In the last few years, doxing has become a popular method for internet bullies to take revenge on their enemies, with potentially disastrous repercussions.
The actual malware element of doxware, however, functions much like ransomware. A doxware virus seizes the files on the victim’s computer. The difference lies in what follows the ransom demand. Once the files are encrypted, the doxware’s creator demands a ransom, and if you don’t pay, the files will be made public.
How Does Doxware Work?
Doxware reaches the computer as an infected file, an e-mail attachment, or via an infected website, just like any other malware. Once it enters the system, the rest is automatic: it uploads the files and encrypts them.
The attacker then demands a ransom, generally in an anonymous internet currency such as Bitcoin. If the demand is not met, the attacker follows through on the threat, uploading the data to a plaintext paste site such as Pastebin or sending it directly to the victim’s contact list over e-mail, Facebook, or Skype.
It can take months for a doxware victim to realize that they have been infected, during which time their computer has been serving as a vector for the virus.
Furthermore, most ransomware victimizes an entire hard drive, whereas doxware goes after specific keywords that mark private, sensitive, or confidential data the owner would never want broadcast, such as bank account details or PIN numbers.
Why should it concern you?
If we look back at the surveyed numbers, ransomware attacks in 2016 increased by 6000% over 2015, with 70% of victims agreeing to pay the ransom.
Also, while ransomware attacks are still on the rise, they have been steadily earning less for their attackers. Ransomware attacks like NotPetya and WannaCry made a lot of headlines, but they were not as lucrative as the attackers wanted them to be.
Over time, companies have become more robust about their security. They are more diligent about backing up their sensitive data, which makes paying for the safe return of files less appealing: why pay the ransom when you can clean and reboot?
For that reason, cybercriminals have to stay a few steps ahead of their smarter victims. Today, companies that back up their data are willing to risk losing it, and some are even okay with their data or files going public. The PR damage might make the loss all worth it.
How to Combat the Effects of Doxware Ransomware?
The following section highlights some ways to combat doxware:
1) Early Detection & Mitigation
In doxware attacks, the usual ransomware mitigation of creating backups is entirely irrelevant, because the attack does not only put your data at risk of deletion; it also threatens to release your private or confidential data online. To be on the safer side, early detection and mitigation are vital when an attacker has captured data and intends to make it public.
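The infection flow described above (upload, then encrypt) and the early-detection point here give a defender one concrete observable: a burst of ordinary user documents being rewritten with encrypted-looking, high-entropy content. The Go program below is an added example, not code from the original article, showing a simple entropy-plus-burst heuristic run over a constructed file-write feed. The FileEvent feed, the paths, the list of plaintext extensions and the thresholds (2-second window, 5 files, 7.5 bits/byte) are all assumptions chosen for the demonstration.

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
	"path/filepath"
	"sort"
	"strings"
)

// FileEvent is one observed file write: seconds since monitoring began, the path,
// and the bytes written. A real deployment would take these from an EDR agent or
// filesystem audit log; the feed in SampleEvents is constructed for this example.
type FileEvent struct {
	Time    float64
	Path    string
	Content []byte
}

// Alert describes a burst of plaintext documents rewritten with encrypted-looking content.
type Alert struct {
	Start, End float64
	Paths      []string
}

// plaintextExts lists document types that are normally low-entropy. Already-compressed
// formats (.jpg, .zip, .docx) are high-entropy by nature and would only add noise.
var plaintextExts = map[string]bool{
	".txt": true, ".csv": true, ".md": true, ".json": true, ".xml": true, ".ini": true,
}

// ShannonEntropy returns bits per byte in the range 0..8. Encrypted or compressed
// data sits close to 8; text, source code and configuration sit well below.
func ShannonEntropy(b []byte) float64 {
	if len(b) == 0 {
		return 0
	}
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	n, h := float64(len(b)), 0.0
	for _, c := range counts {
		if c == 0 {
			continue
		}
		p := float64(c) / n
		h -= p * math.Log2(p)
	}
	return h
}

// DetectEncryptionBurst returns the first window of `window` seconds in which at
// least minFiles distinct plaintext-type files were rewritten with entropy of at
// least threshold bits/byte, or nil if no such burst exists.
func DetectEncryptionBurst(events []FileEvent, window float64, minFiles int, threshold float64) *Alert {
	var sus []FileEvent // only the suspicious writes, ordered by time
	for _, e := range events {
		if plaintextExts[strings.ToLower(filepath.Ext(e.Path))] && ShannonEntropy(e.Content) >= threshold {
			sus = append(sus, e)
		}
	}
	sort.Slice(sus, func(i, j int) bool { return sus[i].Time < sus[j].Time })
	for i := range sus { // slide a time window and count distinct paths inside it
		seen := map[string]bool{}
		for j := i; j < len(sus) && sus[j].Time-sus[i].Time <= window; j++ {
			seen[sus[j].Path] = true
			if len(seen) >= minFiles {
				paths := make([]string, 0, len(seen))
				for p := range seen {
					paths = append(paths, p)
				}
				sort.Strings(paths)
				return &Alert{Start: sus[i].Time, End: sus[j].Time, Paths: paths}
			}
		}
	}
	return nil
}

// SampleEvents builds a constructed feed: one ordinary edit, then five documents
// overwritten with random (encrypted-looking) bytes inside two seconds, then a
// photo write that is high-entropy but benign.
func SampleEvents() []FileEvent {
	rng := rand.New(rand.NewSource(42)) // fixed seed keeps the example reproducible
	enc := func(n int) []byte {
		b := make([]byte, n)
		rng.Read(b)
		return b
	}
	plain := []byte(strings.Repeat("Quarterly figures: revenue up, costs flat.\n", 40))
	return []FileEvent{
		{0.0, "docs/notes.txt", plain},
		{120.0, "docs/budget.csv", enc(4096)},
		{120.3, "docs/clients.csv", enc(4096)},
		{120.6, "docs/passwords.txt", enc(4096)},
		{120.9, "docs/contracts.md", enc(4096)},
		{121.2, "docs/hr.json", enc(4096)},
		{300.0, "photos/holiday.jpg", enc(4096)},
	}
}

func main() {
	if a := DetectEncryptionBurst(SampleEvents(), 2.0, 5, 7.5); a != nil {
		fmt.Printf("ALERT: %d files rewritten with high entropy between t=%.1fs and t=%.1fs: %v\n",
			len(a.Paths), a.Start, a.End, a.Paths)
	} else {
		fmt.Println("no encryption burst detected")
	}
}
```

The heuristic is a trip-wire, not a complete detector: it fires on the encryption step, so pairing it with a watch on unusual outbound transfer volume (the upload step the article describes) gives the earliest warning that data is about to be both locked and leaked.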
2) Better Data Encryption
One thing to remember is always to keep your personal and confidential data encrypted with strong encryption algorithms. This is especially necessary to protect your files against attack by any ransomware, particularly doxware.
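As an added illustration of encryption at rest (not code from the article), the Go program below seals a file's contents with AES-256-GCM, an authenticated cipher, and binds the file path in as associated data so a sealed blob cannot be silently renamed or swapped between files. The record content and paths are constructed. The key-handling assumption matters most: the key is generated here for the demonstration, but in practice it must be held outside the host (KMS, hardware token or OS keychain) and released only while a file is being read or written, because malware running as the logged-in user reads whatever that user can decrypt.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewKey returns a fresh 256-bit AES key. Assumption for this example: in a real
// deployment the key is fetched from a KMS/hardware token and never stored beside the data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealFile encrypts plaintext with AES-256-GCM and binds the file path in as
// associated data. Output layout: 12-byte nonce || ciphertext || 16-byte tag.
func SealFile(key []byte, path string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // fresh nonce per write
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(path)), nil
}

// OpenFile reverses SealFile. Any change to the nonce, ciphertext, tag or path
// fails authentication and yields an error rather than corrupted plaintext.
func OpenFile(key []byte, path string, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to hold nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(path))
}

// Demo seals a constructed record and checks the three outcomes worth verifying:
// a faithful round trip succeeds, a flipped byte is rejected, and the same blob
// presented under a different path is rejected.
func Demo() (roundTrip, tamperRejected, renameRejected bool, err error) {
	key, err := NewKey()
	if err != nil {
		return
	}
	const path = "docs/clients.csv"
	record := []byte("name,account\nAlice,12345678\n") // constructed sample content
	blob, err := SealFile(key, path, record)
	if err != nil {
		return
	}
	got, oerr := OpenFile(key, path, blob)
	roundTrip = oerr == nil && bytes.Equal(got, record)

	tampered := append([]byte(nil), blob...)
	tampered[len(tampered)/2] ^= 0x01 // one-bit change anywhere breaks the tag
	_, terr := OpenFile(key, path, tampered)
	tamperRejected = terr != nil

	_, rerr := OpenFile(key, "docs/budget.csv", blob) // same key, wrong path
	renameRejected = rerr != nil
	return
}

func main() {
	rt, tr, rr, err := Demo()
	fmt.Println("round trip ok:", rt, "| tamper rejected:", tr, "| rename rejected:", rr, "| err:", err)
}
```

Authenticated encryption is the point here: a plain block-cipher mode would still hide the contents, but only an AEAD tag tells you that a file was altered or substituted before you act on it.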
3) Phishing Defenses
Always follow the guidelines that protect your system from phishing, because phishing e-mails target your system and steal your data without being noticed for months. For example, never click a link you find suspicious, and never open attachments sent by strangers. This way you can avoid doxware intrusion and keep your confidential data safe and sound.
4) Keep Your Antivirus Updated
Always keep the antivirus installed on your system up to date. If you were not aware that antivirus plays a powerful role in taking down potential threats, keep it in mind. It ensures maximum and foolproof security against all kinds of ransomware and extortion-ware, including doxware.
5) Go for a Ransomware Removal/Recovery Service
The last option you can go for is a ransomware removal or recovery service, working alongside the other preventive measures explained above, i.e., early detection and removal, better-quality data encryption, defense against phishing e-mails, and keeping your antivirus and other security software updated to the latest versions. However, this method is suited to combating the effects of ransomware other than doxware, because doxware is all about making your data public, not destroying or erasing it.
Other Basic Rules to Follow to Decrease Future Risks:
If you do find yourself the victim of a doxware attack:
Report it to the Authorities: Central organizations such as the FBI have a specific department that deals with cybercrime and cybercriminals, and any detail can help build a case that works in your favor, not the attackers’.
Don’t Pay the Ransom: Letting attackers succeed encourages them in the future, and paying the demanded ransom is one way of doing so. There is also no guarantee the attackers will keep their end of the bargain after payment is received. And since payment is made via Bitcoin, it is nearly impossible to trace the transactions.
Unfortunately, your options become limited once your files are encrypted. Your best defense is PREVENTION, stopping the attack from happening in the first place:
Back up your Data: One of the oldest and most critical measures is to back up your data regularly to the cloud or an offline device.
Educate Yourself on Safe Internet Habits: It has been observed and reported that 95% of all security breaches have “human error” as a contributing factor. Ensure that all employees are kept up to date on the newest internet trends, so that they avoid clicking on phishing e-mails or visiting suspicious websites.
Make your Network Security Proactive: Real-time visibility through high-fidelity anomaly detection is your best bet against malware, finding it as soon as possible and preventing it from doing damage. The best way to handle such cases is a good defense.