Avast successfully developed a decryptor for the DoNex ransomware family, identifying a flaw that allowed victims to recover their files without charge. Previously known as Muse and DarkRace, DoNex, which emerged in April 2022, targeted individuals and organizations, causing disruptions mainly in the US, Italy, and Belgium. By encrypting files with a ChaCha20 symmetric key and further securing the symmetric file key with RSA-4096 encryption, the ransomware demanded a ransom for file decryption. Avast’s decryptor has been distributed in secrecy since March 2024, in collaboration with law enforcement, to avoid alerting the ransomware authors. The company also provided the public with Indicators of Compromise to help identify and mitigate this security threat.
Source: https://securityaffairs.com/165469/malware/donex-ransomware-decryptor.html
"id": "ava915071024",
"linkid": "avast",
"type": "Ransomware",
"date": "7/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"