Security specialists observe a recent trend in the ransomware evolution. The hacker seem to create new tactics that force the malware victims into paying the ransom fee sum. Learn more about the new doxware fashion that is trending as one of the most active ransomware development trends.
Doxware Is the Newest Ransomware Development Trend
Security researchers have uncovered that a rising number of ransomware strains have changed their tactics. While in earlier ransomware families users were blackmailed into paying the ransom sum to restore access to their files, a new trend has arisen. Dubbed “doxware” by the specialists, this new idea is linked into a new feature that leaks the victim’s sensitive data if the ransom is not paid.
This doesn’t come as a surprise. In practice almost all ransomware variants target most popular file name extensions and that always include private and sensitive information of some kind. Those viruses that have the ability to upload the files directly to the remote servers can benefit from this trend. Depending on the ransomware code we might see different tactics on how to employ this new doxware ransomware evolution:
- File ransom in the remote malicious C&C servers or cloud account – This is attributed to ransomware viruses that have the ability to upload the sensitive files directly to the criminal remote storage locations
- Remote Trojan Access – The hackers can directly access the compromised machines and harvest the necessary data
Leaking important and sensitive files may boost the ransomware payments. The reason is that while file restoration may be possible without paying the money, the victims have not way to control how their stolen data is processed. Several security experts have already seen ransomware variants that are under active development that contain modules that are specifically built to allow the virus to leak the data after the time limit has passed and the payment has not been received.
Of course this whole setup would need to be maintained by the attackers. This complicated scenario needs the following components to be effective:
- Remote Infrastructure solutions that can host the victim files and keep track of the infections
- Programmed modules in the ransomware that provide the functionality
- Solutions that counter any anti-spyware products and tactics that can prevent the data leaks
All of this has a particularly strong downside. Creating such an elaborate infrastructure could potentially reveal the locations of the hackers. This, in turn, will lead to new features that will improved stealth capabilities.
Ransomware that contain doxware code are already on sale on various undergorund black markets. One of the famous examples include variants of the Pony family. Serious concerns for the privacy of the compromised computers have been raised by security specialist around the world. The rising trend of the doxware ransomware has called for a change in strategy when dealing with incoming attacks and mitigating existing infections.
Security experts are anticipating that more individuals and companies will invest in strengthening their existing measures against malware threats, virus propagation and other dangers.