April 12, 2019

How to defend against doxware

You’ve probably heard of ransomware, but have you heard of doxware? While ransomware may have been responsible for some of the cruelest and most expensive cyber attacks publicized in recent history, many fear doxware far more than ransomware.

Ransomware is becoming something uglier

The name “doxware” comes from “doxxing,” the practice of illicitly obtaining and publishing private information about a victim without their consent. Unlike ransomware which wreaks chaos on victims by locking them out of their own files until a ransom is paid, doxware is a new form of blackmail. Victims of doxware are locked out of private files which are dumped publicly to the web if a ransom is not paid to the attacker.

Similar to a ransomware attack, a doxware attack involves breaking through traditional cybersecurity measures including firewalls, VPNs, containers, and passwords to reach private files. They can also be initiated by a victim themselves through an errant click in a phishing email. A successful doxware attack may have involved weeks or months of planning. In fact, it’s likely that a doxware attacker had already gotten past traditional cybersecurity measures on multiple occasions prior to finding the right files to stage their attack.

Ransomware attacks can be opportunistic and launched purely for profit. Doxware attacks, on the other hand, are far more insidious and require careful targeting and planning on behalf of attackers to know which files will have the greatest impact on the victim if released to the public.

Defeating doxware

One way to try and stop a doxware attack is to keep sensitive files off of computers, devices, the cloud, and email servers. Obviously, that is unreasonable for this day and age.

Doxware is an effective social and technical attack because the victim fears what others may find in their files if they are published. Making a doxware attack ineffective requires a two-pronged approach. The first involves making sure an attacker can’t figure out which files are valuable to the victim while the second involves making the release of files meaningless to anyone who may come acrossthem. Both of these tactics can be accomplished by keeping files encrypted at rest using Atakama.

A file encrypted at rest can’t be opened by an attacker to determine its potential harm on a victim. More importantly, if a doxware attack hit a file that was already encrypted at rest, the victim doesn’t need to fear its publication since the original file remains encrypted the entire time and wouldn’t be readable to any other machine or human.

Atakama is effortless, effective encryption for the good guys

It’s never been more important to secure sensitive files using encryption. That’s why Atakama was designed to provide industry-grade AES 256-bit encryption for files with just one click. If you know how to drag and drop files to a folder, you already know how to use Atakama to protect your files from doxware and other digital threats. Opening encrypted files normally requires setting and entering a unique password for each one but with Atakama’s multi-factor encryption technology, there are no passwords, just peace of mind.

Request a free trial to explore the latest in cybersecurity from Atakama. Protect yourself and your organization and its employees from devastating doxware attacks with next-generation solutions to frustrate cybercriminals today and long into the future.

Related Blog Posts

Ready to try Atakama?

Request DemoClick for download link