Access your Pro+ Content below.
Doxware: New ransomware threat, or just extortionware rebranded?
This article is part of the Information Security issue of March 2017, Vol. 19, No. 2
The easiest way to scare enterprises these days is to announce a new ransomware threat, but experts are unsure if doxware is a worrying new ransomware trend or a rebranding of extortionware. On the surface, doxware and extortionware seem to be the same thing: malware variants that combine the data hostage threat of ransomware with the added threat of exposing the data publicly -- instead of keeping it encrypted indefinitely -- if the ransom isn't paid. So, in the eyes of many experts, the two terms can and have been used interchangeably. "There does not appear to be a difference between this and what we have traditionally called extortionware," Casey Ellis, CEO of Bugcrowd, based in San Francisco, told SearchSecurity. "It appears that this simply has a way cooler name." John Bambenek, threat systems manager at Fidelis Cybersecurity, based in Bethesda, Md., said there was value in better branding of security threats. "Every few years, there seems to be a change in how we refer to threats," Bambenek told SearchSecurity. "Part of ...
Features in this issue
Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?
Faced with the demands of derivatives trading, CSO John Masserini understands the value of aligning controls with business risk. We ask him how he does it.
The threat of ransomware continues to evolve, with a new spin on extortionware, called doxware, that's designed to target and potentially expose sensitive data of ransomware victims.
Columns in this issue
As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype.
The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers.
How did an editor become a security architect? A fascination with computers sparked a lifelong journey for IBM's executive security advisor.