Security News > 2024 > July > Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released
A cryptographic weakness in the DoNex ransomware and its previous incarnations - Muse, fake LockBit 3.0, and DarkRace - has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants.
"In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024," the company's Threat Research Team has shared on Monday.
The DoNex ransomware actor appeared in early March 2024 and claimed several companies as victims.
"Since April 2024, DoNex seems to have stopped its evolution, as we have not detected any new samples since. Additionally, the TOR site of the ransomware has been down since that point."
Files encrypted via the DoNex ransomware get a unique extension, and the file with the ransom note is named Readme.
After downloading the decryptor, victims need to provide a list of drives, folders, and files that need to be decrypted, as well as an encrypted file and the same file in its original form.
News URL
https://www.helpnetsecurity.com/2024/07/08/decryptor-donex-muse-darkrace-fake-lockbit-3-0/
Related news
- Police arrest four suspects linked to LockBit ransomware gang (source)
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort (source)
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)