What Is Doxware and Is It Dangerous?
Malware doesn’t come in just one form. There are multiple kinds of malicious programs out there today that put you at risk, including doxware. Yet comparatively few people have even heard of the term. So, what is doxware, how does it work, and can it be avoided?
What Is Doxware?
The first thing to note here is that doxware is a form of ransomware. Ransomware is a particularly dangerous kind of malware, wherein the operator encrypts the target’s files and threatens to keep them locked unless the demanded ransom is paid.
Ransomware is a worryingly common attack method among cybercriminals, with ransomware-as-a-service platforms making huge profits by selling ransomware programs to malicious actors. Ransomware gangs are also a concern, with the biggest names like REvil and Conti attacking major organizations and causing a lot of damage.
What many don’t know is that there are numerous different kinds of ransomware out there, such as doxware. So, what does this malicious program do?
Doxware (i.e., doxing ransomware) is used to threaten organizations or individuals with data leaks. While some ransomware programs simply lock files and applications until the ransom is paid, doxware holds the threat of releasing confidential data over the target’s head. Doxware does this by both encrypting and exfiltrating the targeted files.
This added layer of urgency can help the malicious operators more easily secure the ransom payment.
How Is Doxware Used?
Doxware has been used many times in the past to put large organizations on the spot, but it can also be used to target people. Individual doxware attacks may involve the theft of photos, videos, conversations, or login credentials, all of which can cause the victim a lot of trouble if released to the public.
On an organizational level, doxware attacks can lead to huge repercussions. Take LockBit 3.0, for example. Also known as LockBit Black, this is the newest iteration of the LockBit ransomware family, coming after LockBit 2.0. The most concerning aspect of LockBit 3.0 is that it doesn’t just encrypt files; it exfiltrates them too. This gives operators the ability to threaten the victim with a data leak, not just the lockdown of their information.
LockBit 3.0 has been used many times since its launch in June 2022. In one case, LockBit 3.0 was used to exploit Windows Defender to drop penetration tools via Cobalt Strike payloads.
Doxware is often spread through phishing communications, a popular vector for cybercriminals looking to infect more devices. Phishing is incredibly common, and is often used to either steal data via malicious sites, or spread malware via attachments and links.
How to Avoid Doxware
Because doxware is so dangerous, it’s important to employ the correct measures to steer clear of it. So, how can this be done?
Firstly, you should always ensure that you have a legitimate and up-to-date antivirus program installed. Even if you’re using a well-known provider, avoiding updates can leave your program with software flaws that cybercriminals can exploit. Ensure you’re updating your antivirus program frequently.
On top of this, you need to be careful about the communications you receive, be it via email, SMS, social media messaging, or otherwise. Because doxware is commonly spread through phishing, knowing the red flags of suspicious communications is key to protecting your data. Look out for common phishing indicators including spelling or grammar mistakes, questionable URLs or attachments, and unusual sender addresses.
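The machine-checkable indicators above (unusual sender address, questionable URL, questionable attachment) can be tested against a raw message, shown here as an added Python example that is not part of the original article. The extension list, the simplified link regex, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".iso", ".lnk", ".docm")  # assumed list
LINK = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)  # simplified

# Constructed sample message (reserved .test domains, documentation IP range).
SAMPLE = """\
From: "Example Bank Support" <support@example-bank.test>
Reply-To: helpdesk@mail-example.test
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html

<p>Verify: <a href="http://192.0.2.10/login">https://example-bank.test/login</a></p>
--b1
Content-Disposition: attachment; filename="statement.pdf.exe"

AAAA
--b1--
"""

def host_of(value):  # host of a URL, or domain of an e-mail address header
    if "://" in value:
        return (urlparse(value.strip()).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg, found = message_from_string(raw), []
    sender, reply = host_of(msg.get("From", "")), host_of(msg.get("Reply-To", ""))
    if reply and reply != sender:  # unusual sender address
        found.append(f"reply-to domain {reply} differs from sender {sender}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):  # questionable attachment
            found.append(f"risky attachment {name}")
        if part.get_content_type() == "text/html":
            html = part.get_payload(decode=True).decode(errors="replace")
            for href, text in LINK.findall(html):  # questionable URL
                if "://" in text and host_of(text) != host_of(href):
                    found.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return found

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

A mismatched Reply-To also appears in legitimate mailing-list and helpdesk mail, so treat each finding as a reason to look closer rather than a verdict.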
You should also be careful when it comes to downloading files. Many people don’t vet the sites they download files and software from online, which can lead to malware infection. If a given site isn’t totally reliable and well-reviewed, don’t trust it to install anything on your device.
The Threats Posed by Doxware Are Clear
With the ability to both encrypt and exfiltrate data, doxware is an undoubtedly dangerous form of ransomware. It’s important to be aware of the risks of this malicious program, as well as the measures you should take to keep it at arm’s length.