Avast Successfully Defeats DoNex Ransomware, Providing Decryptor

Threat Actor: DoNex Ransomware
Victim: Various victims | DoNex Ransomware victims
Price: Free
Exfiltrated Data Type: N/A

Key Points:

  • Avast researchers have discovered a critical flaw in the cryptographic schema of DoNex ransomware and its predecessors.
  • The weakness lies in the generation and use of encryption keys, which has allowed Avast to provide a decryptor to DoNex ransomware victims since March 2024.
  • The decryptor tool is now available to the public and offers a user-friendly process that guides victims through decryption and data restoration.

Researchers from Avast have uncovered a critical flaw in the cryptographic schema of the notorious DoNex ransomware and its predecessors. This discovery has enabled Avast, in cooperation with law enforcement agencies, to provide a decryptor to DoNex ransomware victims since March 2024. The cryptographic weakness was made public at Recon 2024.

DoNex, a shape-shifting cyberthreat known for its multiple rebrands (Muse, fake LockBit 3.0, DarkRace), targeted victims primarily in the US, Italy, and Belgium. Since April 2024, no new samples of DoNex have been detected, and its TOR site has been down, suggesting a possible halt in its evolution. All these brands, however, are supported by the newly developed decryptor.

The weakness exploited by Avast lies in the ransomware’s encryption schema, specifically in the generation and use of encryption keys. By leveraging this vulnerability, Avast, in cooperation with law enforcement, has been able to quietly rescue victims’ files without alerting the perpetrators.

The free DoNex ransomware decryptor tool, now available to the public, is user-friendly and guides victims through the decryption process. Given a pair of files supplied by the victim, one original and its encrypted counterpart, the tool cracks the encryption password and restores the affected data.

For those who suspect they have been victimized by DoNex or its earlier incarnations, Avast’s decryptor offers a ray of hope. With this powerful tool, victims can reclaim their data and break free from the clutches of ransomware.

Original Source: https://securityonline.info/avast-cracks-donex-ransomware-offering-the-decryptor/