New DoNex Ransomware Observed in the World Targeting Enterprises

European & US-based businesses are on high alert due to a recent ransomware strain known as "DoNex," which has been actively infecting networks and taking victims. Cybersecurity professionals are working nonstop to comprehend the entire extent of the attack and create countermeasures in response to this emerging threat.

Several companies have been listed as victims of the DoNex ransomware organization on their dark web domain, which can be accessed through the Onion network, thereby establishing their presence. The gang uses a double-extortion technique, which makes its techniques sneakier.

In order to put more pressure on the victims to pay the ransom, this entails not only the encryption of files, which are then added with a distinct VictimID extension but also the exfiltration of sensitive data and its subsequent hostage-taking.

Notes on Ransom and Communication

The impacted businesses have found Readme.VictimID.txt ransom notes on their computers, telling them to contact the DoNex organization using Tox Messenger, a peer-to-peer instant messaging app renowned for its security and anonymity capabilities.

The Preference of an attacker for secure communication channels is shown by the use of Tox, which makes it more difficult for law enforcement to monitor & intercept. Broadcom discovered a self-dubbed “DoNex” as a new ransomware attacker in March this year.

The precise techniques DoNex uses to breach corporate networks are still unknown at this time. Cybersecurity teams keep a close eye on everything and carry out in-depth investigations to find out how the group operates.

How to Protect Yourself from DoNex?

Symantec is a leading provider of cybersecurity solutions and has discovered ways to defend its products against the DoNex ransomware. The danger is identified by Symantec's systems in 2 ways:

  1. File-based Detection: Darktrace is a signature-based detection tool intended to identify file indicators associated with known ransomware.
  2. Machine Learning-based Detection: This advanced detection uses machine learning algorithms to recognize and stop ransomware behaviors that conventional signature-based techniques might miss.

The DoNex ransomware's scale serves as a clear reminder of how the cyber threats are changing. Businesses should maintain vigilance, ensure their security systems are up-to-date, and educate their employees about the ransomware dangers.