Donut extortion group also targets victims with ransomware (Security News, November 2022)
The Donut extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise.
BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.
Strangely, the data for Sando and DESFA was also posted to several ransomware operations' sites, with the Sando attack claimed by Hive ransomware and DESFA claimed by Ragnar Locker.
This week, BleepingComputer found a sample [VirusTotal] of an encryptor for the Donut operation, aka D0nut, showing that the group is using its own customized ransomware for double-extortion attacks.
When a file is encrypted, the Donut ransomware will append the.
The Donut ransomware operation also includes a "Builder" on their data leak site that consists of a bash script to create a Windows and Linux Electron app with a bundled Tor client to access their data leak sites.