European and US businesses are currently on high alert following the emergence of a new ransomware strain called “DoNex.” Cybersecurity professionals are working around the clock to understand the full extent of the attack and develop countermeasures to combat this evolving threat.
The DoNex ransomware group has been actively infecting networks and targeting victims, with several companies already falling victim to their double-extortion technique. This method involves encrypting files with a unique VictimID extension and exfiltrating sensitive data to further pressure victims into paying the ransom.
Victims have reported finding Readme.VictimID.txt ransom notes on their computers, instructing them to contact the DoNex organization via Tox Messenger, a secure and anonymous peer-to-peer instant messaging app. By using Tox, the attackers make it more difficult for law enforcement to monitor their communications.
The exact methods DoNex uses to breach corporate networks are still unknown, as cybersecurity teams continue to investigate and monitor the situation closely. Symantec, a leading provider of cybersecurity solutions, has outlined ways to protect against the DoNex ransomware, including file-based detection and machine learning-based detection.
The DoNex ransomware attack serves as a stark reminder of the evolving cyber threats facing businesses. It is crucial for companies to remain vigilant, keep their security systems up-to-date, and educate employees about the dangers of ransomware.