Avast cracks DoNex ransomware, launches decryptor
With the help of several law enforcement agencies, cybersecurity firm Avast discovered a flaw in the cryptographic schema of DoNex ransomware.
In recent years, ransomware has been one of the most effective forms of cybercrime, causing a lot of (financial) trouble for organizations and businesses. Whenever we think we have fought one off, a new ransomware operation appears.
DoNex ransomware is a good example of this. It first showed its face in April 2022, when it was called Muse ransomware. Later the same year the ransomware operation was renamed to fake LockBit 3.0. In May 2023 it was rebranded to DarkRace.
Finally, in March 2024 we got to know it as DoNex. The ransomware operation was predominantly active in Belgium, Italy, the Netherlands and the United States, and to a lesser extent in China, Germany and India. How many entrepreneurs fell victim to the ransomware operation is unknown.
Avast security researchers quietly reverse engineered the successive versions of DoNex ransomware. The company got help from law enforcement agencies from all over the world. That’s how it was able to discover a vulnerability in every version since 2022 and develop a decryptor tool.
In a detailed blog post Avast explains to victims where to download the decryptor tool and how to use it.
Gijs Rijnders, a cyber threat intelligence analyst at the Dutch National Police, gave a technical, in-depth analysis of the malware during the Recon 2024 Conference in Canada.
“To help victims recover from a ransomware attack, we published a decryption tool on the NoMoreRansom platform, an initiative from a number of parties including the Dutch National Police to keep ransomware operators from extorting victims,” he said during his presentation.