carbonite logo

Commonly searched topics:

backupcloud backupaccount sign in

Article · Jan 5, 2017

Doxware takes ransomware to the next level

Doxware takes ransomware to the next level

A new class of ransomware called "doxware" demands that victims pay a ransom if they don't want their sensitive personal and/or business information published online. Doxware is a developing threat. Even so, we're already beginning to see variants infect unsuspecting victims in the wild.

Therefore, users and businesses should concentrate on preventing a doxware infection by understanding how to block the most common attack vectors of a traditional malware campaign. That means avoiding email attachments from unknown senders, avoiding links in emails and educating yourself about malvertising schemes, where online ads are laced with malware. It’s also important to have an offsite data backup in place in case your files are permanently corrupted or destroyed by the cybercriminals responsible for doxware.

What is doxware?
Doxware is a form of malicious software that, like ransomware, encrypts victims' data and holds it hostage. But doxware takes matters a step further by threatening to publicly expose sensitive information—emails, conversations, photos, social security numbers, etc.—if the ransom isn't paid.

One of the first doxware variants to emerge in the wild goes by the name "Ransoc." The malware informs the victim they have sustained a penalty because their computer allegedly contains child sexual abuse materials and items that violate intellectual property rights. The malware then informs the victim that they will go to jail unless they pay a ransom.

Ransoc also runs several routines that interact with Skype, LinkedIn and Facebook. The doxware then harvests information and photos it finds on those profiles and threatens to publish everything if payment is not received.

"This fairly bold approach to ransom payments suggests the threat actors are quite confident that people paying the ransom have enough to hide that they will probably not seek support from law enforcement," a posting on the website of cybersecurity firm Proofpoint reads. The post goes on to say that most victims encountered Ransoc via malvertising on adult websites.

Protect yourself and your business
Bob Rankin, a computer programmer, security expert and blogger, writes that "doxware is still rare compared to [most] ransomware, but that won’t last for long if the doxware technique proves profitable. Keep your guard up, your anti-malware software up to date, and your sensitive data someplace other than your hard drive. If you must keep sensitive material on your hard drive, use encryption to safeguard those files."

For even more news and information on the fight against ransomware, visit the homepage today.


David Bisson

David Bisson is an infosec news junkie and security journalist. He currently works as Contributing Editor for Graham Cluley Security News, Associate Editor for Tripwire's "The State of Security" blog, and Contributing Author to Metacompliance Ltd. and OASIS Open. David hopes his writing will help protect users against online threats, especially ransomware.

Related content