Risk & Repeat: Doxware emerges as a new threat to data privacy

A new spin on the ransomware model could spell trouble for enterprises and data privacy.

The recent emergence of ransomware attacks threatening to make encrypted data public -- rather than threatening to delete the data -- has security experts contemplating the concept of "doxware," also known as extortionware. The concept of extortionware has been around for some time. However, recent ransomware attacks that threatened to expose or "dox" victims' private information, such as the "Epic" Crypt.Locker ransomware variant, have highlighted the threat.

The threat of doxware could complicate matters for enterprise security teams because it negates one of the best defenses for ransomware attacks -- backup and recovery services. In addition, recent breaches and exposures of private emails and documents, such as the phishing attack on Clinton campaign chairman John Podesta, have demonstrated that data becoming public can be much more damaging than data being destroyed.

How are cybercriminals adapting their ransomware attacks in 2017? Who will be targeted by these extortionware attacks? What steps can enterprises take to defend against doxware?

In this episode of SearchSecurity's Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of doxware. They also discuss recent MongoDB security issues, as well as a Federal Trade Commission lawsuit against D-Link over alleged security weaknesses in the vendor's wireless routers.