Doxware: The Latest Ransomware


The term “doxware” is coined from the term ‘dox’, meaning searching or posting private information online with any malicious intention. The criminals draw the victims’ attention by stating that their crucial, confidential or personal files would be released online and made them public.

There are some similarities in Doxware and Ransomware. Both encrypt the victims’ files; demand for ransom and are highly automated in nature. In a doxware attack, the compromised files are uploaded to the attacker’s system. It is more focused on choosing the files as per confidentiality or privacy. However, in case of ransomware attack, the files are not removed; they are encrypted.

Doxware has its shortcomings too as below:
• Doxware attacks normally happen with small amount of data. The cyber criminals do not have enough space to save thousands of files, and as a result, uploading huge volume of files increases detection risk.
• Criminals always search for maximum profit on their investment and doxware attacks are too costly to implement. In order to ensure profitability, the criminals do extensive research on the potential victims to decide whether the compromised data would be valuable. They chalk out plans on how to publish the data if the victim denies to pay the ransom.
• The criminals need proper framework to host the compromised data and release them online. It can be easily traceable if it is improper.

IT security professionals estimate that doxware attacks might increase over the next couple of years. Till now the victims have been more from businesses and high-profile individuals comparing to general public. Nevertheless, it might change if the criminals start targeting smartphones or IoT devices. If there is access to more devices, the criminals could improve doxware attacks that are cost-effective and target victims on a larger scale.

Prevent Doxware attacks
Any business which is suffering a doxware attack might think that there is no other way but to pay the ransom. However, the payment never ensures the end of worries. If the criminals find out any particular information that is critical, then further demands might come again. In addition, there is no assurance that the criminals will not release the data even after meeting the demands and the victims cannot confirm whether the stolen files have been removed. Thus, the best way to deal with it is to prevent it.

The below steps can keep Doxware attacks at bay:
• Any Doxware attack starts with a phishing attack. The users should know how to recognize and mitigate phishing attempts in the form of attachments or mysterious links coming from unknown senders in the emails. (please refer to the previous blog posted on detection of phishing e-mails)
• Refrain from keeping all sensitive data in a single hard drive; if that is not possible; at least spread the data in multiple devices/ hard drives.
• Always make sure that the important and sensitive files are encrypted.
• Always keep the anti-virus or anti-malware software (like eScan) updated regularly. It should be capable enough to detect and mitigate newer threats that are emerging every day.
• The users need to be more alert towards malvertising and the websites where malware-infected ads appear. These include social media websites, adult websites and other illegal/ unauthorized online shows.

Doxware attacks are comparatively lesser known than the conventional ransomware attacks. However, eScan, being a security software developer, is of the opinion that, any criminal having opportunity to make money, would definitely take advantage of it. Doxware is nothing but another alarming arrow in the cyber-criminals’ quiver.

Different ways to spot phishing emails

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , | Leave a comment

Different ways to spot phishing emails

Phishing email detection Continue reading

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , | Leave a comment

SHA-1 Collision Found

Google recently announced that they have successfully generated a collision for SHA-1, although it would 90 more days before they reveal to the world as to how they accomplished this task.

Hashing functions are an important aspect of cryptography, since they are used for comparison, finding duplicates and the most important fact is that hashing algorithms are one-way, ie. the resultant string cannot be reversed to find the original string. Due to this, Vendors have been using one-way hashing algorithms like MD-5, SHA-1,SHA-256 to store passwords and whenever the correct password is provided by the user, the resultant Hash will always match with the stored value, thus validating the authentication process.

Computation of Hash Collision is based on the fact that , there might exist two different strings which would generate the same Hash or, by using enough computational power, the original string used for generating the Hash could be found, there-by rendering the usage of the said Hash Algorithm useless.

With the advancements in the technology and faster computation being made available , this doesn’t surprise the experts, it was just a matter of time before someone could have come up with an algorithm to find the collision.

MD5 , as an hashing algorithm which was not just cracked but the collisions have also been made available with almost 829.726 Billion unique decrypted hashes have been made available publicly.

eScan warns that , every vendor / developer who uses SHA-1 as the preferred algorithm for password comparison, should switch over to SHA-3 or SHA-256. Since, as of this moment, SHA-3 and SHA-256 are considered to be very tough and should be able to with-stand the onslaught of computational power for next few years.

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , | Leave a comment

Latest Android malware can eavesdrop and access contacts list

Spy Android

A group of sophisticated hackers have targeted Android phones of Israeli Defense personnel by developing a malware named ViperRAT that has spying functions exposing the vital and sensitive whereabouts of the soldiers to the sly enemies. This malware has been specifically created to hijack Israeli soldiers’ Android devices and remotely siphon off valuable data like photos, designs or audio recordings directly from the compromised devices. Adding to the woes, it can even access the contact list, read text messages or eavesdrop conversations.

According to the investigation, the defense personnel were lured with social engineering techniques – mainly via honey traps from countries like Canada, Germany and Switzerland in Facebook messenger. The soldiers were conned into installing a Trojan version of apparently legitimate Android chat app for better engagement into adult conversation. Once the app is downloaded and installed in the smartphones, it pretends as an update for an already installed app and tricks the victims to permit the update to carry out the surveillance. Apparently the victims feel that they will be able to get close to those women and ultimately get preyed.

According to researchers, the hackers successfully established a widespread cyber espionage campaign with ViperRAT malware by taking hostage of a good number of mobile devices of popular brands belonging to more than 100 Israeli soldiers. This malware gathered a wide range of data from the compromised devices including Geo-location, call logs, images, SMS, network and device metadata, internet browsing history and app download status.

This malware is still keeping the defense and security personnel on toes and forcing them to impose stringent guidelines for the soldiers to stay away from any further miscreant. eScan agrees with such set of guidelines which asks every individuals not to download any app without any proper verification. They need to crosscheck the authenticity with the help of reputed sources and anything unusual should be dropped immediately. It was even suggested to install a reputed mobile antivirus and regularly scan the smartphone to evaluate the presence of any suspicious app or detect any doubtful activity.

Posted in eScan 11, eScan 14, MailScan, Security | Tagged , , , , , , , , | Comments Off on Latest Android malware can eavesdrop and access contacts list