
Doxware the next step in evolution

It seems like yesterday that the only malware that existed was adware and spyware. Spyware was bad: in the worst-case scenario it contained a keylogger that captured your login credentials, which in turn were abused to send spam.

A few years ago, malware evolved and we got the first ransomware: software that locked your computer, claiming that you had done something bad and needed to pay a fine to unlock it. Annoying, but easy to fix with the right tools. When computers became fast enough, ransomware evolved into what we now know as the crypto locker: software that encrypts your files and demands a ransom to get them back. If executed well, paying the ransom will be the only way to regain access to your files, assuming you don’t have a back-up of them.

But it’s just a matter of time before things get even worse. Doxware is on the horizon, and cyber criminals are already experimenting with this new kind of malware. If you thought software holding your files for ransom was bad enough, imagine being extorted with the risk of all your personal information being shared with the world.

DoxWare or ExtortionWare will gather as much personal information as possible from your computer. It might reside on your computer for days, logging your keystrokes and capturing your screen. All this information is sent out to an external server owned by the criminals. When enough information has been gathered, the ransom note is shown, demanding a hefty fee for your personal data and threatening that, if you don’t pay, all your personal information will be shared with everyone you know. Think about financial information, medical information, personal e-mail, private social media messages, browser history and much more being shared with all contacts gathered from your system, including those from online accounts such as your email contacts and social media contacts.

Our mobile phones will also be the primary target for this new type of malware. Our smartphones contain so much personal information that the thought of everything being shared might be enough for people to promptly pay the ransom. Ransomware has proven to be so profitable that it’s safe to say this new type of malware has a great chance of success.
The worst part of doxware will be the threat. Once a few successful variants of DoxWare have spread, the fakes will wreak havoc. It’s easy to determine if a CryptoLocker is fake: you can simply check if your files are still there. It’s next to impossible to check if DoxWare is fake. Did it send your personal information to a server, or is it bluffing?

It’s even worse for companies. In 2018 the General Data Protection Regulation, better known as GDPR, will come into effect within the EU, forcing companies to protect their data and report a data breach in any shape or form within 72 hours of the data breach (Article 33). Imagine this message on one of your systems within the company:

You will have 72 hours to find out if the threat is real before you are required to report the data breach and 95 hours to pay the ransom. It’s up to the company to prove that no data breach has occurred. If the DoxWare doesn’t encrypt the files, there might also be no way to detect the DoxWare on the network, meaning a user could close or ignore the warning, potentially damaging the company’s reputation. This also creates a problem for the developers of security software. It’s obvious they should try to stop the infection from happening, but what if the information has already been sent out and the message is about to be shown? It’s possible that criminals might want to detect AV software killing their malware and send out all the private information that has been gathered.


It’s hard to say if, when and how DoxWare will take off. But seeing how successful RansomWare has become, it’s not hard to imagine criminals trying to find the next big thing.