Avast Unveils Free Decryptor for DoNex Ransomware and Previous Versions. Here is everything to know.

FinalDraft

Avast Unveils Free Decryptor for DoNex Ransomware and Previous Versions. Here is everything to know.

In a significant development, cybersecurity company Avast has unveiled a free decryptor for the notorious DoNex ransomware and its previous iterations. Victims can now recover their files without paying a ransom, thanks to this breakthrough.

avast-1024x576 Avast Unveils Free Decryptor for DoNex Ransomware and Previous Versions. Here is everything to know.

The DoNex Ransomware: A Brief Overview

DoNex first emerged in March 2024, but its roots trace back to April 2022. Over time, it has undergone several transformations, operating under different guises. Initially known as “Muse,” it later rebranded as a fake version of LockBit 3.0. The genuine LockBit 3.0 was launched by Dmitry Khoroshev’s gang in June 2022, but its builder was leaked months later. DoNex imitated this strain, capitalizing on the chaos.

In May 2023, DoNex underwent yet another rebranding, adopting the name “DarkRace.” This new variant targeted victims primarily in Italy. Its payload bore similarities to LockBit 3.0, suggesting minimal effort in developing a novel strain throughout its lifecycle.

The Flaw in DoNex’s Encryption

Avast’s researchers discovered a vulnerability in DoNex’s cryptographic scheme. During ransomware execution, an encryption key is generated using the CryptGenRandom() function. This key initializes the ChaCha20 symmetric key, which encrypts the files. For small files (up to 1 MB), the entire file is encrypted. For larger files, intermittent encryption splits the file into blocks, encrypting them separately. The symmetric file key is then encrypted by RSA-4096 and appended to the end of the file.

The Decryptor Tool

Avast’s decryptor is now available for free download. Victims are advised to run it as an administrator, preferably using the 64-bit version. Although the password-cracking process is memory-intensive, it typically takes only a second. Avast recommends the 64-bit version for optimal performance.

Conclusion

With the release of this decryptor, Avast has dealt a blow to the DoNex ransomware gang. Victims can regain access to their files without succumbing to extortion. As cybersecurity companies continue their battle against ransomware, such initiatives provide hope for a safer digital landscape.

Remember, vigilance and regular backups remain essential in safeguarding against ransomware attacks. Stay informed, stay secure, and protect your digital assets.


You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment