Companies must now deal with a new ransomware threat: 2017 is likely to see a proliferation of doxware attacks.
2016 was the year when cybercriminals fully embraced ransomware and used it to devastating effect on many organizations. As 2016 started, the healthcare industry was heavily targeted. Cybercriminals rightly assumed that the need for healthcare professionals to access patient data would mean ransom payments would likely be paid. That was certainly the case with Hollywood Presbyterian Medical Center. An attack resulted in a ransom of $17,000 being paid to allow the medical center to regain access to patient data and computer systems
Hospitals throughout the United States continued to be attacked, but not only in the United States, Attacks spread to the United Kingdom and Germany. The education sector was also hit heavily. Many schools and universities were attacked and were forced to pay ransoms to obtain keys to unlock their data.
Between April 2015 and March 2016, Kaspersky Lab reported that ransomware infections rose by 17.7%. The figures for April 2016 to March 2017 are likely to show an even bigger rise. Ransomware has rarely been out of the news headlines all year.
Cybercriminals are making stealthier and more sophisticated ransomware variants to avoid detection and cause more widespread disruption. Widespread media coverage, warnings by security companies and law enforcement agencies, and the likely costs of dealing with attacks has led many companies to improve their defenses and develop strategies to recover from infections.
With ransom demands of tens of thousands of dollars – or in some cases hundreds of thousands of dollars – and widespread attacks, the threat can no longer be ignored
One of the best ways of avoiding having to pay a sizeable ransom is to ensure data are backed up. Should ransomware be installed, IT departments can wipe their systems, restore files from backups, and make a quick recovery.
Ransomware is only an effective income generator for cybercriminals if ransoms are paid. If companies can easily recover, and restoring data from backups is cheaper than paying a ransom, cybercriminals will have to look elsewhere to make their money.
However, ransomware is far from dead. Cybercriminasl are changing their tactics. Ransomware is still being used to encrypt data, but an extra incentive is being added to the mix to increase the chance of a ransom being paid.
Doxware: The New Ransomware Threat
Doxware, like ransomware, encrypts data and a ransom demand is issued. However, in addition to encrypting data, information is also stolen. The gangs behind these attacks up the ante by threatening to publish sensitive data if the ransom is not paid.
If access is gained to corporate emails or other electronic conversations, the potential harm that can be caused is considerable. Reputation damage from doxware can be considerable, making payment of a ransom far more preferable to recovering data from a backup. If intellectual property is stolen and published the consequences for a company could be catastrophic.
2016 has already seen extortion attempts by hackers who have infiltrated networks, stolen data, and threatened its release if ransom payments are not made. TheDarkOverlord attacks on healthcare providers are just one example. However, in those attacks data were simply stolen. The combination of data theft with ransomware would be more likely to see ransoms paid. Already we have seen ransomware variants that combine an information stealing component and 2017 is likely to see the problem get far worse.