Avast

Avast successfully developed a decryptor for the DoNex ransomware family, identifying a flaw that allowed victims to recover their files without charge. DoNex, previously known as Muse and DarkRace, emerged in April 2022 and targeted individuals and organizations, causing disruptions mainly in the US, Italy, and Belgium. The ransomware encrypted files with a ChaCha20 symmetric key, further secured that symmetric file key with RSA-4096 encryption, and demanded a ransom for file decryption. Avast’s decryptor has been distributed in secrecy since March 2024, in collaboration with law enforcement, to avoid alerting the ransomware authors. The company also provided the public with Indicators of Compromise to help identify and mitigate this security threat.

Source: https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html

TPRM report: https://scoringcyber.rankiteo.com/company/avast

"id": "ava915071024",
"linkid": "avast",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'location': ['US', 'Italy', 'Belgium']}],
 'data_breach': {'data_encryption': 'ChaCha20 symmetric key and RSA-4096 '
                                    'encryption'},
 'date_detected': 'April 2022',
 'description': 'Avast developed a decryptor for the DoNex ransomware, '
                'allowing victims to recover files without charge. Known as '
                'Muse and DarkRace, DoNex targeted individuals and '
                'organizations, causing disruptions mainly in the US, Italy, '
                'and Belgium. The ransomware encrypted files with ChaCha20 '
                'symmetric key and RSA-4096 encryption, demanding a ransom for '
                "decryption. Avast's decryptor, distributed since March 2024, "
                'was kept secret to avoid alerting the authors. Indicators of '
                'Compromise were provided to help identify and mitigate the '
                'threat.',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'ChaCha20 symmetric key and RSA-4096 '
                                   'encryption',
                'ransomware_strain': 'DoNex'},
 'response': {'law_enforcement_notified': True,
              'third_party_assistance': 'Avast'},
 'threat_actor': 'DoNex Ransomware',
 'title': 'DoNex Ransomware Incident',
 'type': 'Ransomware'}