Evolution of Ransomware

Ransomware is transforming into Doxware, which is a more strategic attack that targets specific victims. With Doxware, not only do hackers hold the computers hostage, but they also secure private conversations, photos and sensitive files to gain even more leverage that ensures that the victim actually pays the ransom.

Travis Smith, Senior Security Research Engineer at Tripwire explains, “What makes Doxware more dangerous than typical ransomware is that it is truly holding the victims data for ransom.  Previous ransomware variants were local to the victim’s machine, meaning the attacker never physically had any data to hold hostage. While a user can recover encrypted data from backups, the attacker still has a copy of their data.  If there is any sensitive data which the victim doesn’t want public, they may be forced into paying a ransom.  However, any victims of this type of crime should be wary that there are no guarantees that the criminal behind the ransomware will actually keep your files private after paying.

Tips on Securing Data for Consumers

Travis Smith advises, “While the best practice is to have backups of critical data, having copies of operating systems and applications may be too cumbersome for the typical internet user.  User data, unlike the OS and applications, cannot be recovered without a backup.  While it may be time consuming, getting a copy of the operating system or application from the vendor is a viable option in most cases.  My recommendation is to follow the 3-2-1 backup theory; have three copies of your data, on two different types of media, with one of those copies being stored away from your home. In addition to following the 3-2-1 backup theory, consumers can adopt enterprise best practices of encrypting sensitive data at rest.  Free tools are available to create encrypted volumes which can be unlocked on-demand.  Should an attacker gain access to an encrypted volume, you would be less likely to pay knowing they are unlikely to unlock your sensitive data.”

Travis explains, “The only sure way to avoid ransomware is to not use a computer.  However, since there’s inherent risk in every facet of our daily lives, we can adopt safe internet habits to reduce the risk of an infection.  Don’t open any attachments or click on any links from unsolicited emails. Even if the email appears to come from a trusted source, hover over links to make sure you will be taken to a reputable source before clicking any links.”

[su_box title=”About Travis Smith” style=”noise” box_color=”#336588″][short_info id=’74194′ desc=”true” all=”false”][/su_box]