New DoNex Ransomware Observed in the Wild Targeting Enterprises

Enterprises across the United States and Europe are on high alert as a new ransomware strain, dubbed “DoNex,” has been actively compromising companies and claiming victims.

This emergent threat has cybersecurity experts working overtime to understand the attack’s full scope and develop countermeasures.

The DoNex ransomware group has made its presence known by listing several companies as its victims on their dark web portal, accessible via the Onion network.

The group’s tactics are particularly insidious, employing a double-extortion method.

This not only involves the encryption of files, which are then appended with a unique.

VictimID extension, but also the exfiltration of sensitive data, holding it hostage to leverage additional pressure on the victims to pay the ransom.

Ransom Notes and Communication

Affected companies have discovered ransom notes named Readme.VictimID.txt on their systems, which instruct them to establish contact with the DoNex group through Tox messenger, a peer-to-peer instant messaging service known for its security and anonymity features.

Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

• Interact with malware safely
• Set up virtual machine in Linux and all Windows OS versions
• Work in a team
• Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox:
Analyze malware in ANY.RUN for free

The use of Tox indicates an attacker’s preference for secure communication channels, making it more challenging for law enforcement to track and intercept.

Broadcom recently spotted the emergence of a new ransomware actor, self-dubbed “DoNex,” which was detected in the wild during March.

Currently, the exact methods DoNex uses to infiltrate enterprise systems remain a mystery.

Cybersecurity teams diligently monitor the situation and conduct thorough investigations to uncover the group’s modus operandi.

Understanding the attack vectors is crucial for preventing further incidents and developing effective defense strategies.

A recent tweet by HackManac reported the emergence of a new ransomware group called Donex.

This group has already leaked data from 5 companies on their website.

Protection Against DoNex

Symantec, a leader in cybersecurity solutions, has identified protections against the DoNex ransomware through its products.

Symantec’s systems detect the threat in two ways:

• File-based Detection: Known as Ransom. Darkrace, this signature-based detection is designed to catch known ransomware file indicators.
• Machine Learning-based Detection: Labeled as Heur.AdvML.B!200, this advanced detection uses machine learning algorithms to identify and block ransomware behaviors that traditional signature-based methods may not catch.

The rise of the DoNex ransomware is a stark reminder of the evolving threat landscape.

Enterprises are advised to stay vigilant, ensure their security systems are up to date, and educate their employees on the risks of ransomware.

Regular backups and a robust incident response plan are also critical in mitigating the impact of such attacks.

As the situation develops, cybersecurity firms and law enforcement agencies are expected to issue further updates and advisories.

It is imperative for companies to monitor these communications and to collaborate with the cybersecurity community to defend against these and future ransomware threats.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.