Aditi Dosi
3 min readDec 9, 2022



Ransomware evolution or merely media hype?

The world of ransomware continues to evolve, finding clever new ways to extort victims for higher sums of money. Case in point? Doxware. This spin on ransomware not only holds your personal information for ransom but also threatens to publish identifiable details online. Imagine if someone made your name, address and private chat conversations public if you refused to pay a ransom. Scary right?

we will explore doxing, and how ransomware criminals are turning to this morally dubious practice to extort higher ransoms. Netflix and Larson Studios are learning about doxing the hard way. Don’t be the next victim. Stick around and stay ahead of malware criminals.

But before we dive into the ins and outs of doxware, let’s start at the beginning…

What is doxing?

Doxing or doxxing derives from the word “docs” (documents). It refers to the act of exposing someone publicly by means of posting private conversations and identifiable details such as phone numbers or a physical address online. It is commonly associated with internet harassment and usually conducted with malicious intent.

“It’s like vigilantism — a way for people to take the law into their own hands to ‘out’ someone. But, like vigilantism, it can have unintended consequences if the wrong person is outed or the effects go too far.”

Doxware Vs ransomware: what’s the difference?

Ultimately, there are 5 key differences between ransomware and doxware:

  1. Exposure v encryption. While ransomware threatens victims through encryption of data, rendering it useless until a ransom is paid, doxware threatens to make public sensitive information that is has created copies of. You may still have full access to all of your files following a doxware attack, so decrypting or restoring from a backup does not solve the threat of exposure.
  2. Targeted v scattered infection. Though both use spam emails to spread, doxware needs to gather specific sensitive information about its targets to make the exposure threat credible. Ransomware campaigns on the other hand target more broadly, such as specific countries. This extra work required by doxware attackers is often mitigated by asking for a higher ransom.
  3. Considered attacks yield better targets. Doxware can use the sensitive information it has gathered, such as the details of all of your contacts, to target and infect new people.
  4. Fewer files, but a bigger impact. While ransomware tends to encrypt all or most files once it has taken over a victim’s system, doxware typically targets a smaller number of files. This is because it is unlikely the hacker has enough space to store thousands of your files and the movement of large numbers of files can be detected more easily.
  5. More work = more ransom. Because of the risk of public embarrassment or damage to a company’s reputation, doxware attackers tend to demandhigher ransom compared with typical ransomware developers.Higher ransom is also requested to compensate for the added work required in such a highly-targeted approach.

To summarize, in a ransomware attack the malware encrypts your data and demands payment to return the files. In the case of doxware, your files and private information are copied and held at the threat of public disclosure.

Quick definition:

Ransomware = takes information

Doxware (extortionware) = releases information

Luckily, since the infection methods of both attacks are the same, doxware can be prevented in much the same way as ransomware.

How to protect against a doxware attack

While doxware is still an emerging threat, it behaves similarly to a ransomware infection. There are some simple steps you can take to prevent it affecting your life:

  • Learn about common phishing scams and how to prevent them because as you now know, doxware is most likely to enter your system via typical ransomware infection methods such as scam emails.
  • Spring clean your computer regularly with these 5 steps to prevent doxware from ever entering your system.
  • Run a respected anti-malware suite and keep it updated to prevent zero day threats such as newly released doxware and ransomware strains.

Prevention is the best cure against all kinds malware: follow the above advice today to start preparing yourself and your system for the threats of tomorrow.

Have a great (malware-free) day!