
DoNex Ransomware

Information security (infosec) researchers identified a ransomware variant known as DoNex during a thorough examination of potential malware threats. This ransomware is designed with the primary objective of encrypting data stored on the compromised devices. Cybercriminals employ this harmful software to lock the victims' data, intending to leverage it as a means of extortion for monetary gain.

Upon successful infiltration, the DoNex Ransomware informs affected users or organizations of the attack by dropping a ransom note, typically named 'Readme.[VICTIM_ID].txt'. It also renames every encrypted file by appending an extension that doubles as the unique ID assigned to that victim. For instance, a file originally named '1.doc' becomes '1.doc.f58A66B61', '2.pdf' becomes '2.pdf.f58A66B61', and so on, with the same ID appearing in the ransom note's filename.
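The renaming pattern just described is something a responder can look for on a host or file share. The following Python triage script is an added example written for this page, not code from the page's author or any vendor tool: it groups files by the appended victim ID and correlates them with a 'Readme.[VICTIM_ID].txt' note. The assumption that the ID is 8 to 12 hexadecimal characters is generalised from the single sample ID 'f58A66B61' on this page.

```python
import os
import re
from collections import defaultdict

# Encrypted-file pattern from the page: original name plus an appended victim-ID
# extension, e.g. '1.doc.f58A66B61'. The 8-12 hex-character length is an
# assumption generalised from that one sample, not a documented DoNex constant.
ENCRYPTED_RE = re.compile(r"^(?P<orig>.+)\.(?P<vid>[0-9A-Fa-f]{8,12})$")
# Ransom-note name from the page: 'Readme.[VICTIM_ID].txt'
NOTE_RE = re.compile(r"^Readme\.(?P<vid>[0-9A-Fa-f]{8,12})\.txt$", re.IGNORECASE)


def classify(filenames):
    """Group file names by suspected victim ID; return (encrypted, note_ids)."""
    encrypted = defaultdict(list)
    note_ids = set()
    for name in filenames:
        m = NOTE_RE.match(name)
        if m:
            note_ids.add(m.group("vid"))
            continue
        m = ENCRYPTED_RE.match(name)
        if m:
            encrypted[m.group("vid")].append(m.group("orig"))
    return encrypted, note_ids


def triage(filenames, min_files=3):
    """Return victim IDs worth alerting on: a matching ransom note was found,
    or at least `min_files` files carry the same appended ID (a lone file with
    a hex-looking extension is not enough evidence on its own)."""
    encrypted, note_ids = classify(filenames)
    hits = {}
    for vid, originals in encrypted.items():
        if vid in note_ids or len(originals) >= min_files:
            hits[vid] = {"files": sorted(originals), "note_present": vid in note_ids}
    return hits


def scan_tree(root):
    """Walk a directory tree and triage the file names found under it."""
    names = [f for _, _, files in os.walk(root) for f in files]
    return triage(names)


if __name__ == "__main__":
    # Constructed sample listing that mirrors the page's examples; not a real capture.
    sample = ["1.doc.f58A66B61", "2.pdf.f58A66B61", "Readme.f58A66B61.txt",
              "notes.txt", "archive.tar.gz", "report.2023.xlsx"]
    for vid, info in triage(sample).items():
        print(f"victim ID {vid}: {len(info['files'])} renamed files, note={info['note_present']}")
```

Point `scan_tree()` at a suspect share to get the same report per victim ID; files that never had an extension, or IDs outside the assumed length range, will not be matched.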

The DoNex Ransomware Causes Serious Damage to the Infected Devices

The ransom note associated with the DoNex Ransomware opens with a warning that announces the DoNex threat and states that the victim's data has been stolen and encrypted. The attackers present an ultimatum: if the ransom is not paid, the stolen data will be published on a TOR website. To facilitate access, the note provides a link for downloading the Tor Browser, which is required to reach that site.

In an attempt to appear trustworthy, the note asserts that the group is not politically motivated and seeks only financial gain. The victim is assured that upon payment the cybercriminals will provide decryption programs and delete the stolen data, with the attackers arguing that their own reputation depends on honoring this promise, since otherwise no future victim would pay.

To establish a degree of trust, the note offers to decrypt one file for free so the victim can verify that decryption works. Contact details are also provided, including a Tox ID and the email address 'donexsupport@onionmail.org', along with a warning not to delete or modify files, as doing so could lead to recovery problems. The note concludes with a threat that the victim's company will be attacked again should the ransom remain unpaid.

It is imperative for victims to resist succumbing to ransom demands, as there is no guarantee that the attackers will fulfill their promise of providing decryption tools even after receiving the ransom payment. Furthermore, prompt removal of the ransomware from compromised computers is essential. This not only reduces the risk of further encryption but also helps stem the potential spread of ransomware to other computers within the same network. It is crucial to note that eliminating the ransomware threat does not automatically restore access to files and data that have already undergone encryption.

Adopt a Robust Security Approach on All Devices

To safeguard machines and data from ransomware attacks, users are strongly advised to implement a comprehensive set of measures aimed at prevention, detection, and mitigation. Here are key recommendations:

  • Install and Update Security Software: Employ reputable anti-malware software to detect and block ransomware. Keep security software up to date to ensure protection against the latest threats.
  • Regularly Update Operating Systems and Software: Promptly update operating systems, applications, and software to patch vulnerabilities that could be exploited by ransomware.
  • Exercise Caution with Emails: Avoid opening emails from unknown or suspicious sources. Refrain from interacting with links or downloading attachments from unsolicited emails.
  • Back Up Data Regularly: Perform regular backups of important data to an external device or a secure cloud service. Ensure backups are stored offline or with restricted access so that ransomware cannot encrypt or delete them as well.
  • Use Network Security Measures: Employ firewalls, intrusion detection/prevention systems, and secure Wi-Fi networks to protect against unauthorized access and limit ransomware spread.
  • Enable Two-Factor Authentication (2FA): Implement 2FA wherever it is available to reinforce your security, making it harder for unauthorized users to gain access.
  • Educate and Train Users: Educate users about the risks of phishing attacks and the social engineering tactics used by cybercriminals. Provide training on how to recognize and report potential threats.
  • Limit User Privileges: Restrict user permissions to the level their roles require, minimizing the impact of a potential ransomware infection.

By combining these measures, users can create a robust defense against ransomware attacks, reducing the risk of infection and minimizing the potential impact on their devices and data.

The ransom note of DoNex Ransomware is:

'!!! DoNex ransomware warning !!!

Your data are stolen and encrypted

The data will be published on TOR website if you do not pay the ransom

Links for Tor Browser:

What guarantees that we will not deceive you?

We are not a politically motivated group and we do not need anything other than your money.

If you pay, we will provide you the programs for decryption and we will delete your data.

If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future.

Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.

You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID

Download and install TOR Browser hxxps://www.torproject.org/
Write to a chat and wait for the answer, we will always answer you.

You can install qtox to contanct us online hxxps://tox.chat/download.html
Tox ID Contact: 2793D009872AF80ED9B1A461F7B9BD6209 744047DC1707A42CB622053716AD4BA624193606C9

Mail (OnionMail) Support: donexsupport@onionmail.org

Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!

Warning! If you do not pay the ransom we will attack your company repeatedly again!'
