DoNex Ransomware Observed in the Wild Targeting Enterprises

/in


Enterprises across the United States and Europe are on high alert as a new ransomware strain, dubbed “DoNex,” has been actively compromising companies and claiming victims.

This emergent threat has cybersecurity experts working overtime to understand the attack’s full scope and develop countermeasures.

The DoNex ransomware group has made its presence known by listing several companies as its victims on their dark web portal, accessible via the Onion network.

The group’s tactics are particularly insidious, employing a double-extortion method.

This not only involves the encryption of files, which are then appended with a unique.

VictimID extension, but also the exfiltration of sensitive data, holding it hostage to leverage additional pressure on the victims to pay the ransom.

Ransom Notes and Communication

Affected companies have discovered ransom notes named Readme.VictimID.txt on their systems, which instruct them to establish contact with the DoNex group through Tox messenger, a peer-to-peer instant messaging service known for its security and anonymity features.

Document

Integrate ANY.RUN in your company for Effective Malware Analysis

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data

    • If you want to test all these features now with completely free access to the sandbox:

The use of Tox indicates an attacker’s preference for secure communication channels, making it more challenging for law enforcement to track and intercept.

Broadcom recently spotted the emergence of a new ransomware actor, self-dubbed “DoNex,” which was detected in the wild during March.

Currently, the exact methods DoNex uses to infiltrate enterprise systems remain a mystery.

Cybersecurity teams diligently monitor the situation and conduct thorough investigations to uncover the group’s modus operandi.

Understanding the attack vectors is crucial for preventing further incidents and developing effective defense strategies.

A recent tweet by HackManac reported the emergence of a new…

Source…