DoNex ransomware decryptor released

DoNex ransomware decryptor released

Researchers from cybersecurity firm Avast have uncovered a critical flaw in the cryptographic mechanism of the notorious DoNex ransomware and its predecessors. This discovery has allowed Avast, in collaboration with law enforcement organizations, to silently provide decryptors to victims of DoNex ransomware since March 2024.

The cryptographic weakness was publicly revealed at the Recon 2024 conference, Avast said, adding that it doesn’t have a reason to keep the flaw secret.

DoNex, which has undergone several rebrandings, first emerged under the name Muse in April 2022. Since then, the ransomware evolved through multiple iterations, including fake LockBit 3.0 and DarkTrace, culminating in the final version known as DoNex.

However, since April 2024, no new samples of DoNex have been detected, and its associated TOR site has been offline, indicating a potential halt in its evolution and operations. DoNex has been known for its targeted attacks, primarily affecting victims in the United States, Italy, and Belgium.

Back to the list

Latest Posts

Coordinated brute-force campaign targets Apache Tomcat Manager interfaces

Coordinated brute-force campaign targets Apache Tomcat Manager interfaces

The campaign, first observed on June 5, involves brute-force login attempts originating from hundreds of unique IP addresses.
12 June 2025
ConnectWise rotates digital certificates due to security risks

ConnectWise rotates digital certificates due to security risks

The company said that this is a preventive action and not related to any recent security incident.
11 June 2025
Major police crackdown takes down 20K malicious IPs and domains linked to info-stealers

Major police crackdown takes down 20K malicious IPs and domains linked to info-stealers

Dubbed ‘Operation Secure’, the effort ran from January to April 2025 and targeted cybercriminal infrastructure worldwide.
11 June 2025