What is Doxware and How Does it Differ from Ransomware?

We’ve all heard the sad tale of the large corporation that didn’t build in enough data security, got hacked, and then had to pay millions of dollars to get its data back. Unfortunately, this is not a new story in the world of cybersecurity. The best-known cases of these kinds of attacks include Microsoft, Colonial Pipeline, JBS Meatpacking Plant, and the D.C. Police Department, not to mention the countless attacks on state and local governments, hospitals, and educational systems. In fact, the first known ransomware attack, housed on a floppy disk, dates to the late 1980s. Victims needed to send money to a P.O. box in order to reclaim their encrypted data.

What Is Ransomware?

Since its emergence in the 80s, ransomware has taken on many forms and become increasingly difficult to handle. In its simplest form, a ransomware attack re-encrypts your organization’s data, removing your access to it, and requires your organization to provide a ransom in exchange for regained access to your information. 

The intent of a traditional ransomware attacker does not necessarily stem from whether or not an organization has the ability to fight against an attack, but rather from how long an organization can afford to be “down” while working to recover its data. The decision to comply with a ransomware attack comes when a company acknowledges its backup and recovery system is insufficient to bring it back online. Most organizations that pay their ransom – approximately 95% – are successfully able to recover their data, which leads to the most significant difference between ransomware and its new cousin, triple extortion ransomware, also known as doxware.

What Is a Triple Extortion Ransomware, i.e. Doxware?

The newest and most harmful form is known as doxware. Doxware takes ransomware to the next, most lucrative level. It takes a different approach from ransomware in that these attackers do not intend to give your data back to you after you comply with payment. Not only does an attacker hold your valuable data up for a hefty price, but they also threaten to release it to risky third-party sites. The threat of an attack doesn’t only affect your company’s profit, but also its reputation and the integrity of its intellectual property.

Unlike the large majority of organizations affected by ransomware cyber criminals, only 6% of doxware-targeted companies are able to recover their data after providing ransom payment. Companies never receive the data, making the triple extortion ransomware attack a never-ending event for the organization. The key to protecting your business from the triple extortion doxware attack is to make the content unreadable and therefore useless should it be taken out of your organization. Cyber criminals don’t have any intent to give back your data. They put out a bid to sell your content to competitors, countries that are looking to advance their own tech and business agenda, and data leak sites that will damage your organization’s reputation.

Who Is at Risk of a Doxware Attack?

The unfortunate reality is that any person or company is at risk of a harmful doxware attack, though the most dominant industries at risk are healthcare, education, and state and local governments. The more sensitive the information, the more harmful an attack can be, which is why taking a second look at your cybersecurity plan is essential to your data and company’s well-being.

Large entities are taking ample caution when it comes to protecting their data from doxware attacks. Take the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC). This is an intricate certification model made of levels, domains, and capabilities that all DoD contractors must go through. 

The organizations that are often at the highest risk of a doxware attack are small to medium-sized businesses. All too often, organizations with smaller numbers and budgets are confident that their size will protect them from doxware attackers who may be looking for bigger fish to fry, and therefore do not allocate the time or budget to implement essential cybersecurity solutions.

What Is at Risk?

Your Budget

First and foremost, doxware is a major threat to your company’s bottom line. While integrating these essential cybersecurity measures into your data protection plan requires some budget allocation, it can often be far more costly to pay a ransom for all crucial data that you are likely to never recover.

Your Brand’s Reputation

While they say ‘All PR is good PR,’ that’s simply not the case with a doxware attack. This attack on CAD, intellectual property, and more can result in rampant distrust among your stakeholders, namely your customers. A doxware attack will directly affect your customer base much more than a standard ransomware attack because these attackers will sell your customer data to the highest third-party bidder, leaving your clients open to further cybersecurity risks. Once their data has been compromised by the lack of data protection protocols within your organization, how can they continue to trust your brand as a whole?

Employee Retention

Employee data is a huge part of the sensitive information that your company holds. It’s not just up to your technology team to keep this data private. It takes a concerted effort between executives and your human resources team to keep this entrusted data out of the wrong hands. Lack of a strong cyber wall can compromise your employees’ data and have life-altering consequences for them. If employees get even a whiff of poor data protection, they will run towards your competitor who can provide a solid wall of cybersecurity around their personal information. 

Supplier Trust

Building relationships with reliable suppliers is essential to any successful business. Part of that relationship is trusting that your suppliers’ business and personal information is securely stored within your digital systems. Even if your organization experiences a doxware attack that ultimately does not impact your suppliers’ data, the inability to protect even your own information can disintegrate trust from your suppliers and cost your company valuable supplier relationships.   

Affordable Cybersecurity Insurance

Similar to other types of insurance such as automobile and homeowners insurance, it only takes one doxware incident for your organization’s cybersecurity insurance rate to skyrocket. Once you suffer from an attack, your insurer will view this as a lack of preparation, driving your premiums up and marking your company as a potential risk to other cybersecurity insurers, making it virtually impossible to get an affordable cybersecurity insurance rate.

Steps to Protect Against Doxware

The best defense is a good offense. Here are our top five steps to protect your company from doxers:

  1. Know the signs: The first and best line of defense against doxware is knowing the signs of an attack. Your company-wide cybersecurity plan should always include awareness training for your employees to identify questionable emails. 
  2. Remote work policies: Remote work has become the new reality of our day-to-day operations. This means more networks, personal devices, and data being shared. This opens up your company to even more malicious attacks, which is why it’s so important to keep your team up to date on training and to have an official data security plan in place. 
  3. Back up data: Regularly backing up your data means you are no longer at the mercy of an attacker. In a worst-case scenario, if you are attacked by a ransomware or doxware attacker, you are able to wipe your data to take it out of the attacker’s hands. You can then restore the data from the backup safely. The key to this step is ensuring that the location of your backup is also protected under a zero-trust system and cannot be infiltrated by another attacker.
  4. Encrypt your data: A doxware attacker can’t steal data that is fully encrypted and indecipherable. The important thing to note with this is that you must then keep your decryption tool highly protected. Encrypt your files at rest and in transit, but also keep them encrypted even during consumption or access.
  5. Work with a data security partner: Anchor is the ultimate step towards doxware protection. With security built into your data, Anchor provides encryption tools on a zero-trust network, so you never have to worry about an attacker truly getting hold of your information. Learn more about how Anchor can protect your sensitive data.

Find out how your company can use crypto-technology that allows security to travel with the data versus within the confines of our network.

With Anchor, users can collaborate and share sensitive files anywhere, without an organization sacrificing control of their data security. Contact us to see how.