Hackers use a variety of malware to achieve their aims. As attackers become more sophisticated and techniques evolve to combine different attack strategies, it can be hard to tell the types apart. In this article, we’re going to look at crypto-ransomware and doxware.
What is crypto-ransomware?
Crypto-ransomware is a type of malware that encrypts the files on people’s devices, after which the hacker demands a ransom to release them. The ultimate aim of this type of attack is to make money – usually in the form of cryptocurrency. If the ransom is paid, the files are normally restored with no further issues, and often the cybercriminals will offer to restore a file for free to prove they have the decryption key.
Whilst it might not result in any data leaks or more serious cybersecurity threats, it does cause inconvenience, which can be a matter of life or death depending on the industry you work in. For example, a software supplier to the NHS in the UK was hit by a ransomware attack in August 2022, which affected ambulance dispatch. In addition, the sums of money demanded can be cripplingly high for many businesses.
What is doxware?
As with crypto-ransomware, hackers use doxware to encrypt files. However, doxware also steals sensitive files and sends copies back to whoever controls the malware. This provides a double threat to victims: pay the ransom, or not only will they be unable to access their files, but the hackers will also release the sensitive information publicly.
For companies, this can mean the release of customer data, confidential financial information or intellectual property. This happened to Netflix in 2017 when a cybercriminal group hacked into an audio production company used by many TV and film studios. They released episodes of the new series of ‘Orange Is the New Black’ when Netflix and the production company refused to pay the ransom.
The evolution of malware
Essentially, doxware is an evolution of crypto-ransomware: a way to ensure companies cannot get around the ransom by wiping the system clean and restoring their backup files. As a result, it is being used more and more by cybercriminal groups, which makes it something that companies need to be prepared for.