DoNex ransomware decryptor released

DoNex ransomware decryptor released

Researchers from cybersecurity firm Avast have uncovered a critical flaw in the cryptographic mechanism of the notorious DoNex ransomware and its predecessors. This discovery has allowed Avast, in collaboration with law enforcement organizations, to silently provide decryptors to victims of DoNex ransomware since March 2024.

The cryptographic weakness was publicly revealed at the Recon 2024 conference, Avast said, adding that it doesn’t have a reason to keep the flaw secret.

DoNex, which has undergone several rebrandings, first emerged under the name Muse in April 2022. Since then, the ransomware evolved through multiple iterations, including fake LockBit 3.0 and DarkTrace, culminating in the final version known as DoNex.

However, since April 2024, no new samples of DoNex have been detected, and its associated TOR site has been offline, indicating a potential halt in its evolution and operations. DoNex has been known for its targeted attacks, primarily affecting victims in the United States, Italy, and Belgium.

Back to the list

Latest Posts

Over 80K Roundcube webmail servers affected by high-severity RCE flaw

Over 80K Roundcube webmail servers affected by high-severity RCE flaw

Researchers report that an exploit for the vulnerability is already being sold on underground forums.
10 June 2025
Vulnerable Wazuh servers targeted by two Mirai botnets

Vulnerable Wazuh servers targeted by two Mirai botnets

The botnets exploited the flaw to fetch and execute a malicious shell script that serves as a downloader for the main Mirai malware payload.
10 June 2025
China-linked hackers target 70+ orgs across wide range of sectors

China-linked hackers target 70+ orgs across wide range of sectors

The researchers noticed overlaps between PurpleHaze and Chinese cyber espionage groups tracked as APT15 and UNC5174.
10 June 2025