As security controls and defense measures for computer systems become more sophisticated, cyber criminals have taken one step ahead in the world of Ransomware. The most profitable ransomware attacks has taken a leap with doxing.
What is Doxware ?
“Ransomware is the art of encrypting data on a network, users PC or Mac and asking for a ransom amount to decrypt it. With Doxware the criminals encrypt the data locally on the network and also copy the same to their own server and ask for ransom. If ransom is not paid then the sensitive information is posted publicly.”
The threat has increased two fold with Doxware with the risk of sensitive information going public if ransom is not paid.
Earlier if companies or individuals who regularly backed up their systems could easily wipe off and rebuild their machines if infected by ransomware. But now users who are a victim of the ransomware attacks are forced to pay the ransom to protect the reputation and sensitive information.
Malwarebytes was one of the first companies to report on this issue and they have identified at least 5 different variants of Doxware in the recent months since mid of last year. Doxware is not widespread as much as ransomware for now but this is predicted to increase during 2017 for targeted.
It’s very effective and a easy money for criminals by holding the victim hostage with their data. Currently only windows versions have been discovered as per Malwarebytes and it won’t be long before other operating systems are caught up. Universities, Government agencies, hospitals and many such sectors may end up paying instead of fighting against it as it’s a matter of sensitive data of going public verses money.
There is no fool proof prevention at this point but companies like Malwarebytes and Kaspersky have known definitions to stop some of the variants. Ultimately the end user must be cautious when clicking links while on the internet, have AV installed , have the latest patches for their Operating systems and possibly use a reputation based url checker integrated with their browsers.
Two new malwares that affect point of sale (PoS) machines have been detected by the researchers at Trend Micro. The malware have been affecting small and medium sized businesses or SMBs, primarily in the United States. These two malwares have been named Katrina and CenterPoS by their developers. Trend Micro researchers had earlier reported PoS […] Continue reading →
Author : Arun Hegde , Security Architect @arun25 Here is a quick summary about my experience at RSA Conference 2014 – San Francisco last month Highlights of RSA 2014 : Some of the highlights at this year at RSA was cloud security, mobile security ( specially for enterprise), more companies providing SIEM solutions and lot of new […] Continue reading →
Dendroid, the next generation Crimeware toolkit which can convert apps to malware , is available in underground market for only $300. It also comes with a 24 hour support if you are stuck up on your way. Symantec mentioned that this is evolution of AndroRAT( first ever malware APK binder). Dendroid is a HTTP RAT that […] Continue reading →
“Although EC-Council has been respected by corporations and governments, many in the in the security community don’t agree the way they certify and considered it as useless certification ” Analysts predict that Passports of more than 60,000 US military and government IT professionals at risk Hacker went by the name of Eugene Belford, claims to […] Continue reading →
This time Syrian Electronic Army has targeted Forbes for the big hack day. SEA published the hack on Friday, showing several screenshots of the WordPress admin panel backend of the Forbes.com website. SEA said in a tweet that more than one million user e-mails and passwords […] Continue reading →
Johannes B, a security researcher from the SANS has posted a warning for useres about a self-replicating malware named “The Moon”has been exploiting authentication bypass and code-execution vulnerabilities on Linksys routers – E1000 & E1200 wireless routers. How does it work ? The malware remotely calls Home Network Administration Protocol (HNAP), allows identification, configuration and management of networking devices. Malware […] Continue reading →
TESCO has been targeted by hackers this time and account information of more than 2000 customers have been posted online on pastebin. Tesco.com internet shopping accounts, personal details and Tesco club card details were posted last Thursday online by the hackers. As a result , Tesco was forced […] Continue reading →
Recently a zero day vulnerability in Internet Explorer was discovered(CVE-2014-0322)). Researchers from Fireeye has identified that hackers are using this vulnerability in targeting US military personals. Furthermore they also suspect that this may be a very strategic campaign (Operation Snowman) during the President’s day weekend. FireEye researchers observed drive-by-download attack which alters HTML code of the […] Continue reading →
Its almost sounded unbelievable when Kaspersky research published a cyber espionage APT campaign MASK (Careto) that’s been running in the wild since 2007, undetected, targeting 31 countries. The complexity of the tools used for MAST by the attackers are very sophisticated which makes its very special. This includes an extremely sophisticated piece of malware, a […] Continue reading →