The purloined data remains an ongoing threat; victims cannot confirm that stolen files have been erased. Therefore, the best method of dealing with an attack is to prevent it. The following tips can help protect against doxware attacks:
- Most doxware attacks begin with a phishing attack. Educate users on how to deal with phishing attempts, such as not opening email attachments from unknown sources and not clicking on links contained in emails.
- Do not store sensitive data on a hard drive; if that is impossible, try to spread the data over multiple servers.
- Encrypt files while they are at rest, and make sure that sensitive files are always encrypted.
- Keep anti-malware software updated; new threats are constantly emerging.
- Educate users on malvertising and the types of sites that are common sources of malware-infected ads. These include adult websites, Facebook, Skype and "pirate" sites hosting illegal copies of movies and television shows.
Although an offsite backup will not prevent a doxware attack, it is still important to have. Should the attacker provide the decryption key after the ransom has been paid, there is no guarantee that the decrypted files will not be irretrievably corrupted.
Doxware attacks are far less common than traditional ransomware attacks, but as any security professional knows, when criminals have the opportunity to make an easy profit, they will take advantage of the opportunity. As Mr. Robot once said, "We're at war." Doxware is simply another insidious weapon in a cybercriminal's arsenal.
If you are concerned about advanced malware attacks, consider building an incident response plan and automating security operations. Automation and collaboration can help reduce ad hoc activities and streamline operations during a crisis. In addition, using automation can help reduce the MTTR and reduce exposure time.