Doxware - A Devilish Improvement to Ransomware

Category: Security

It’s bad enough when ransomware encrypts your hard drive and demands payment in Bitcoins for the key to unlock your data. But a few innovative cyber-extortionists are also stealing your most sensitive data and threatening to publish it if you don’t pay up. Here's what you need to know about doxware…

What is Doxware?

Some security experts call this form of cyber-extortion “doxware,” a combination of “ransomware” and “doxxing.” Doxxing is the nasty practice of publishing a victim’s home address, personal phone number, Social Security Number, compromising photos intended only for significant others, emails exchanged with your lawyer or tax accountant, sensitive documents, and other data that nobody wants to share with the whole world.

One doxware variant simply tacks on a doxxing component to an existing ransomware program. It works like this:

A victim acquires a doxware infection in one of the usual ways. Silently, the malware encrypts data, like any ransomware. But before encrypting, it scans for key phrases in documents and filnenames that indicate something of a sensitive nature, i. e., “nude,” “password,” “confidential,” etc. It copies such juicy-looking files to a server in the cloud, along with contact lists it finds. Then it displays a screen like the one below, telling the victim what to pay, how to pay it, and why he had better pay it by the specified deadline.

Doxware - Ransonmware variant

If the ransom is not paid in time, the stolen data will be published on a public server and its location will be emailed to all of the victim’s contacts. The victim won’t get the key that unlocks his encrypted hard drive, either.

Doxware adds the potential of public shaming to the private pain of lost data, increasing the likelihood that the victim will pay up. After all, you don’t have to decrypt your hard drive if you have a good backup copy of everything, or if there’s nothing irreplaceable and mission-critical on it. You can simply reformat the drive and start all over again. Also, several anti-ransomware programs that may be able to decrypt a drive have appeared since one gang of crooks published a rival gang’s list of encryption keys. (The latter may well have come up with doxware in response to this weakening of their scheme.)

The Fear Factor

But even if you circumvent the encryption, the sensitive data remains beyond your reach, a perpetual threat that you cannot eliminate. That is, provided the crook scooped up the right data; maybe you don’t care if everyone knows what he stole. But you don’t know what he scooped up, and fear of the unknown is the most powerful fear. A lot of people will drive themselves nuts scrutinizing all the files on their hard drive (after decrypting it) and wondering what might be damaging if it became known to their contacts.

Doxware is still rare compared to non-ubiquitous ransomware, but that won’t last for long if the doxware technique proves profitable. Keep your guard up, your anti-malware software up to date, and your sensitive data someplace other than your hard drive. If you must keep senstive material on your hard drive, use encryption to safeguard those files.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 6 Oct 2016


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 06 October 2016

The Top Twenty
Next Article:
Run Android Apps Under Windows

Most recent comments on "Doxware - A Devilish Improvement to Ransomware"

Posted by:

GuitarRebel
07 Oct 2016

I keep all sensitive info on an encrypted flash drive. Hopefully, it will mitigate the damage if I were to fall prey to something so despicable.


Posted by:

CtPaul
07 Oct 2016

I have to hand it to you! This article actually motivated me to clean out a "contacts" email list that has been growing for 20 years... (Yes, it took me all morning!)

There is no reason that people who are dead, very ill, or have Alzheimer's disease need to worry about any embarrassing files on my hard drive.

Next task is to shunt those files to an external hard drive and keep it disconnected to the PC afterwards.


Posted by:

Paul
07 Oct 2016

This is pretty despicable. How long before a suicide is the result of someone being infected by this malware.


Posted by:

Jack
07 Oct 2016

Social Security needs a better way of protecting our information. I'd like to see the use of a "true" Social Security number, and a "virtual" number.
So when you apply for SS, the agency assigns you a true SS number (which even you are not privvy to), and a virtual SS number that you will use from then on. You are fingerprinted, retina-scanned, etc.
The virtual number is merely a "pointer" to your true number in the government systems.
Now if you are ever a victim of identity theft, you can go to the SS office, verify your identity with the fingerprint and retina scans, etc. and request a replacement virtual number to use from that point forward. The new virtual number "points" to your true SS number, which was never compromised, because it was always kept secret.
Just my thoughts.


Posted by:

Jay R
07 Oct 2016

If the data remains beyond my reach, there is no reason to pay or I will be paying forever. Bring on the shame...... and Dirty Harry. Somebody needs to find out if the guys are feeling lucky.


Posted by:

Steven Bulger
09 Oct 2016

Malwarebytes Anti-Exploit free software might stop a ransomware from getting into someones computer.


Posted by:

J Russell
10 Oct 2016

A word about I-Drive and the annual charges you will receive if you buy one of these. I was charged $69.50 for something I didn't request and didn't use. But they are sorry about that, it's automatic unless you knew about it and canceled it before you were charged. So i'm out $69.50. Buyer beware.


Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Doxware - A Devilish Improvement to Ransomware (Posted: 6 Oct 2016)
Source: http://askbobrankin.com/doxware_a_devilish_improvement_to_ransomware.html
Copyright © 2005 - Bob Rankin - All Rights Reserved