Security researchers at Avast have cracked the code on DoNex ransomware and released a free decryptor tool for it and its previous variants.
DoNex, first appearing in March 2024, is the latest iteration of a ransomware family active since April 2022. Avast discovered a flaw in DoNex’s encryption method, allowing them to develop a free decryptor tool.
Avast’s data suggests DoNex primarily targeted users in the United States, Italy, and Belgium. However, the ransomware could have impacted victims worldwide.
How to use the DoNex ransomware decryptor
1. Download the decryptor here.
2. Run the executable file, preferably as an administrator. It starts as a wizard, leading you through the configuration of the decryption process.
3. On the initial page, we have a link to the license information. Click the Next button when you are ready to start.
4. On the next page, the user is asked to provide a list of locations (drives, folders, files) that are to be decrypted. By default, it has a list of all local disk drives.
5. On the following page, you need to supply an example of a file in its original form and then one encrypted by any brand of the DoNex ransomware. Type both names of the files. You can also drag & drop files from Windows Explorer to the wizard page. It is extremely important to pick a pair of files that are as big as you can find. The largest file size that is decryptable by the tool equals to the file size of the encrypted file in the pair.
6. The next page is where the password cracking process takes place. Click Start when you are ready to begin. This process usually only takes a second, but requires a large amount of system memory. This is why we strongly recommend using the 64-bit version of the decryption tool.
Once the password is found, you can continue to decrypt all the encrypted files on your PC by clicking Next.
7. On the final page, you can opt-in to back up your encrypted files. These backups may help if anything goes wrong during the decryption process. This choice is selected by default, which we recommend. After clicking Decrypt the decryption process begins. Let the decryptor work and wait until it finishes decrypting all of your files.
This free decryptor empowers users to recover their files without paying ransom to cybercriminals.
