donex

1 incident | 1 country | 0 sectors | ransomware | Latest: 2026-06-25
Aliases: fake LockBit 3.0, Muse, DarkRace
DoNex is a financially motivated ransomware group that first emerged in April 2022 under the name Muse, subsequently rebranding as fake LockBit 3.0 in November 2022, DarkRace in May 2023, and finally DoNex in March 2024. The group uses double extortion tactics, encrypting files and exfiltrating sensitive data to pressure victims into paying. They target enterprises primarily in the United States and Europe. A distinguishing characteristic is the cryptographic flaw in their encryptor, specifically its use of the Salsa20 stream cipher without generating a unique nonce or key for each file, which allowed for the development of a free decryptor by Avast and Computest Sector 7 in July 2024. Their motivation is purely financial, with ransom notes often stating they are not politically motivated.
MITRE techniques
T1489, T1012, T1059.003, T1207, T1021.001, T1490

Victims: 0
Unique TTPs: 0
Historical stolen data: N/A
Ransoms claimed: N/A
Payments detected: N/A

Affected countries

United States (1)

Target countries (SOCRadar)

Belgium, Brazil, Switzerland, Czech Republic, Germany, Italy, Netherlands, Poland, Portugal, Sweden

Target sectors (SOCRadar)

Other Information Services; Enterprises & Holding; Manufacturing; Electrical Equipment, Appliance, and Component Manufacturing; Public Administration; Administrative & Waste Management; Educational Services; Wholesale Trade; Textile & Fabric Manufacturing; Restaurants

New URLs detected in IntelTracker

ransomware.anggipradana.com