Avast has revealed its covert efforts in helping victims of the DoNex ransomware recover their encrypted files. Working in collaboration with law enforcement agencies, Avast distributed a decryptor tool after discovering a flaw in DoNex’s cryptographic schema.
This vulnerability, kept under wraps until its disclosure at the REcon 2024 computer security conference, has enabled the creation of a decryption tool for all DoNex variants.
First identified in April 2022, DoNex ransomware has evolved through several versions, including Muse, LockBit 3.0, and DarkRace, targeting users primarily in the US, Italy, and the Netherlands. The ransomware encrypts files on infected systems, applying full encryption to files under 1MB and partial encryption to larger files.
Avast’s decryptor tool, which works on all iterations of DoNex, is user-friendly. To use it, run the tool as an administrator and provide a list of locations affected by the ransomware. You will also need an unencrypted file matching one that has been encrypted. The tool analyzes these files and then proceeds to decrypt the affected data.
Preventing ransomware infections remains crucial. Users are advised to avoid suspicious links in emails and texts, use strong passwords, enable multi-factor authentication, and utilize password managers for enhanced security.
