The latest spin on extortionware is a class of malware called doxware. Doxware itself has been around for a while; what is causing concern is the new approach to "spreading the infection", and opinion is divided between those who think the new doxware attacks could lead to broader infections and those who do not.

Doxware attacks command a higher ransom than traditional ransomware because of a three-fold attack on the target's data: encryption, exfiltration (so the data can be farmed), and the threat of release. To date, experts have found nothing new in the code itself. As people, businesses and organizations with backup solutions in place have started refusing to pay ransoms, cyber criminals have needed new ways to get more money; a restorable backup defeats the encryption, but it does nothing against the threat of leaking a copy that has already been stolen.

What makes doxware different from traditional ransomware is that, in addition to encrypting data and extorting payment for the key, the attackers exfiltrate the data, look through it for possible additional doxing targets and, more importantly, threaten to release or leak it. Mechanically, however, doxware is the same as ransomware: the infection, encryption and ransom demand work the same way.

So the key, and only, difference identified between doxware and traditional ransomware (extortionware) is two additional layers of threat:

  • the stolen data will be released or leaked;
  • the cyber-criminal will farm the stolen data to identify additional doxware targets.