Security News > 2024 > July > Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released
A cryptographic weakness in the DoNex ransomware and its previous incarnations - Muse, fake LockBit 3.0, and DarkRace - has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants.
"In cooperation with law enforcement organizations, we have been silently providing the decryptor to DoNex ransomware victims since March 2024," the company's Threat Research Team has shared on Monday.
The DoNex ransomware actor appeared in early March 2024 and claimed several companies as victims.
"Since April 2024, DoNex seems to have stopped its evolution, as we have not detected any new samples since. Additionally, the TOR site of the ransomware has been down since that point."
Files encrypted via the DoNex ransomware get a unique extension, and the file with the ransom note is named Readme.
After downloading the decryptor, victims need to provide a list of drives, folders, and files that need to be decrypted, as well as an encrypted file and the same file in its original form.
News URL
https://www.helpnetsecurity.com/2024/07/08/decryptor-donex-muse-darkrace-fake-lockbit-3-0/
Related news
- FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out (source)
- FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims (source)
- Police arrest Conti and LockBit ransomware crypter specialist (source)
- Ukraine Police Arrest Suspect Linked to LockBit and Conti Ransomware Groups (source)
- Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach (source)
- Russians plead guilty to involvement in LockBit ransomware attacks (source)
- Two Russian Nationals Plead Guilty in LockBit Ransomware Attacks (source)