Doxware - the Latest Malware Threat

The latest form of malware that is being spread by cybercriminals is doxware, which holds users’ personal files – like photos, documents and personal conversations – hostage. How can you protect yourself from it?

Ransomware has been a growing concern for businesses over the last few years. This type of malware attack functions by breaching systems – typically through an infected email link or software download – and then encrypting certain files or folders, rendering them inaccessible. In order to access the data again, users must pay a fee, often ridiculously extortionate, and frequently this won’t even result in them getting their data back. But because most companies now have effective backup strategies, data can simply be restored from a recent backup, even if doing so isn’t convenient. In addition, many companies are now more vigilant, and know not to open suspicious links. In response to this increased awareness and vigilance, cybercriminals have developed doxware, which adds a further layer of threat.

Doxware combines the typical threat of a ransomware attack with the possibility of a data breach if the ransom isn’t paid. Because of this threatened release, doxware attacks are much harder to avoid than regular ransomware attacks, making them more profitable to hackers. The name “doxware” comes from “doxing”, the practice of publishing private information online to threaten, intimidate, or bully.  

Sony Pictures were the victim of a highly publicised doxware attack in 2014, after an employee fell victim to a phishing email. The hackers – who called themselves the “Guardians of Peace” – had access to private conversations between staff, directors and actors, documents including scripts, and even full movies. Hacked data was freely available online, and it was reported that Sony lost hundreds of millions of dollars in revenue on the leaked film Annie alone. The US Department of Justice believed that a North Korean hacker named Park Jin Hyok, working for the North Korean government, was behind the attack (incidentally, he is also believed to have been one of the perpetrators of the WannaCry ransomware attack in 2017). The alleged motive of the doxware attack was Sony’s failure to shelve its Kim Jong-un parody The Interview, with the Guardians of Peace group threatening terrorist attacks if the film went ahead; it was eventually pulled from cinemas at the last minute, and released online.

Doxware, unlike ransomware, requires strategic planning, and hackers will typically target their victims deliberately rather than hoping that someone happens to click an infected link. These attacks, therefore, should give business and political leaders cause for concern. The Sony attack shows just how catastrophic a doxware attack can be.