New DoNex Ransomware Targets Enterprises in the Wild

Written by Gabby Lee

March 12, 2024

Organizations in the United States and Europe are facing a significant threat from a new strain of the “DoNex ransomware.”


This malicious software has been successfully infiltrating companies and causing harm. Cybersecurity experts are currently dedicating considerable effort to comprehending the extent of the attack and devising effective countermeasures.

The DoNex ransomware group has gained attention by publicly identifying various companies as their victims on the dark web portal, accessed through the Onion network.

The group uses a double-extortion technique: it encrypts files and appends a distinct VictimID extension to them, and it also exfiltrates sensitive data and holds it as leverage to increase the pressure on victims to pay the ransom.

Ransom Notes and Comms

Companies that have been impacted by the DoNex ransomware have discovered ransom notes named Readme.VictimID.txt on their systems.

These notes instruct the victims to communicate with the DoNex ransomware group through Tox messenger, a secure and anonymous peer-to-peer instant messaging service.

The use of Tox indicates that the attackers prioritize secure communication channels, making it more difficult for law enforcement to trace and intercept their activities.  
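The two file-system indicators described above (a Readme.VictimID.txt note and files carrying the same VictimID as their extension) can be correlated over a file listing. The following is an added example, not code from the article or from Broadcom; the VictimID format is an assumption (one dot-free token), and the sample paths and the ID in them are constructed.

```python
import os
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the VictimID is one dot-free token; the article does not give its format.
NOTE_RE = re.compile(r"^Readme\.([^.\s]+)\.txt$", re.IGNORECASE)

def correlate(paths, min_encrypted=2):
    """Return {victim_id: {"notes": [...], "encrypted": [...]}} for every ID that
    has a ransom note AND at least min_encrypted files ending in .<ID>.
    Requiring both keeps benign files such as Readme.en.txt from alerting."""
    notes, by_ext = defaultdict(list), defaultdict(list)
    for p in paths:
        name = PureWindowsPath(p).name      # accepts both \ and / separators
        m = NOTE_RE.match(name)
        if m:
            notes[m.group(1).lower()].append(p)
        elif "." in name:
            by_ext[name.rsplit(".", 1)[1].lower()].append(p)
    return {vid: {"notes": n, "encrypted": by_ext[vid]}
            for vid, n in notes.items()
            if len(by_ext.get(vid, [])) >= min_encrypted}

def scan_tree(root):
    """Yield every file path under root (a mounted share or disk image)."""
    for directory, _, files in os.walk(root):
        for f in files:
            yield os.path.join(directory, f)

# Constructed sample listing; "a1b2c3d4e" is a made-up VictimID.
SAMPLE = [
    r"C:\Users\alice\Documents\Readme.a1b2c3d4e.txt",
    r"C:\Users\alice\Documents\budget.xlsx.a1b2c3d4e",
    r"C:\Users\alice\Documents\plan.docx.A1B2C3D4E",
    r"C:\Users\alice\Pictures\logo.png",
    r"C:\Program Files\App\Readme.en.txt",   # benign look-alike note name
]

if __name__ == "__main__":
    for vid, hit in correlate(SAMPLE).items():
        print(f"VictimID {vid}: {len(hit['notes'])} note(s), "
              f"{len(hit['encrypted'])} encrypted file(s)")
```

Pass `scan_tree(root)` instead of `SAMPLE` to check a real directory tree; raise `min_encrypted` on large shares to reduce noise.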

Who is The DoNex Ransomware?

Broadcom was the first to identify the new ransomware actor, which calls itself “DoNex” and was first detected in March.

The specific techniques employed by DoNex to breach enterprise systems are currently unknown.

Cybersecurity teams are actively monitoring the situation and conducting comprehensive investigations to uncover the group’s methods.

Understanding the attack vectors is essential in order to prevent future incidents and develop robust defense strategies.

DoNex Prevention for Enterprise

The emergence of the DoNex ransomware serves as a clear reminder of the ever-changing threat landscape.

It is crucial for enterprises to maintain a high level of vigilance, ensuring that their security systems are regularly updated.

Additionally, educating employees about the risks associated with ransomware is essential. Implementing regular backups and establishing a robust incident response plan are crucial steps in minimizing the impact of such attacks.

As the situation continues to unfold, it is expected that cybersecurity firms and law enforcement agencies will release further updates and advisories. Keep a look out for CISA and FBI advisories.

It is imperative for companies to actively monitor these communications and collaborate with the cybersecurity community to effectively defend against both current and future ransomware threats.
