Techopedia defines doxware as ransomware that threatens to release personal data to the public if the user does not pay the ransom. The term comes from the hacker term “doxxing,” or releasing confidential information over the internet.

The difference is encryption versus extortion. Ransomware encrypts computer systems, data, files and networks and then demands payment. Doxware copies confidential, personal, privileged or sensitive data, thereby allowing attackers to also extort users if the payment demand is ignored.

In a ransomware attack, many organizations decide within 48 hours of the attack whether to pay the ransom. If they can roll back to unencrypted files, they do not pay. See the blog post "Ransomware The 48 Hour Decision". In a doxware attack, these same organizations must weigh the ramifications, if any, of the attackers leaking confidential, personal, privileged or sensitive data.

In 2014 Sony Pictures suffered a malware attack that leaked confidential and personal emails. This attack severely impacted their brand and revenues. It served as a warning that when personal information (PI) is leaked, accusations and declinations will erupt between data users, data owners and third-party service providers. This consequence has prompted organizations to rethink their cyber security posture.

In 2019 Twitter removed telephone numbers from its two-factor authentication (2FA) protocols. The reason is that using any type of PI for 2FA creates another digital trail that can be aggregated with other data and exploited. In effect, aggregation may enable cyber criminals to research and exploit selected individuals or organizations. As a result, many organizations now offer digital removal services, such as Deleteme or Onetrust, to mitigate risks.

Recommended Steps For Individuals and Businesses To Mitigate Doxware Attacks:

  • Deploy backup and continuity management services that back up data and files to cloud-based services or external hard drives, allowing a rollback to unencrypted forms. Also, isolate critical and sensitive data and files to add another layer of security.
  • Regularly update all security software and operating systems.
  • Train all staff quarterly on all types of doxware attacks, such as phishing emails and attachments.
  • The digital age creates a digital trail of PI that can be aggregated and weaponized. Take these additional steps:
    • Update privacy settings for all apps, browser extensions and social media profiles that can collect PI to reduce digital exposure.
    • Deploy and use VPNs for all of your online or Internet traffic. Use VPNs that offer secure encrypted tunnels and data use logs.
    • Explore using privacy screening services to manage and remove personal data from online profiles and websites.

Further Reading:

Monstercloud Blog Doxware Tips

Author Disclosure

I am the author of this article and it expresses my own opinions. I have no vested interest in any of the products, firms or institutions mentioned in this post. Nor does the Analyst Syndicate. This is not a sponsored post.


