DoNex
(Active)
Decryptor Available
No
Description
This entry is under construction. However, we have included some details below.
Ransomware Type
Crypto-Ransomware
Data Broker
First Seen
Extortion Links
Medium
Link
TOR
http://g3h3klsev3eiofxhykmtenmdpi67wzmaixredk5pjuttbx7okcfkftqd.onion
Extortion Types
Direct Extortion
Double Extortion
Free Data Leaks
Communication
Medium
Identifier
Email
Tox
2793D009872AF80ED9B1A461F7B9BD6209744047DC1707A42CB622053716AD4BA624193606C9
File Extension
<file name>.<file extension>.<9 alphanumeric character victim ID>
Ransom Note Name
Readme.<9 alphanumeric character victim ID>.txt
Ransom Note Image
Samples (SHA-256)
0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca
Known Victims
| Industry Sector | Country | Extortion Date | Amount (USD) |
|---|---|---|---|
| Distribution & Logistics | Netherlands | ||
| Banking & Finance | United States | ||
| Retail & Wholesale | Italy | ||
| Music & Entertainment | Czech Republic | ||
| Education | Belgium |
References & Publications
PCrisk:
DoNex Ransomware