Popular antivirus provider Avast has identified a vulnerability in the DoNex ransomware’s encryption method and released a decryptor tool that enables victims to restore their files at no cost. The company has been collaborating with law enforcement agencies since March 2024 to privately distribute the decryptor to those affected by the DoNex ransomware.
This strategy helps keep the decryption method out of the public eye to prevent cybercriminals from fixing the flaw. The vulnerability was shared with the public during the Recon 2024 cybersecurity conference last month, after which Avast made the decryptor available to all users. Learn more about it below:
DoNex Ransomware’s Evolution
DoNex is a rebranded version of DarkRace, which itself was a rebranding of Muse ransomware, first introduced in April 2022.
The vulnerability found by Avast affects all previous variants of the DoNex ransomware family, including a version that falsely branded itself as Lockbit 3.0 under the name ‘Muse’ in November 2022.
According to Avast’s findings, while DoNex activity focused mostly on the United States, Italy, and Belgium, the ransomware has impacted regions worldwide.
Technical Breakdown of the Decryption Process
DoNex ransomware generates a ChaCha20 symmetric key with the Windows ‘CryptGenRandom()’ function during its attack and uses that key to encrypt the victim’s data.
Following the encryption stage, the ChaCha20 key is itself encrypted with RSA-4096 and appended to the end of each encrypted file. The exact nature of the cryptographic weakness was not detailed by Avast, but possibilities include repetitive key usage, predictable key generation, or insufficient padding.
It is also noted that DoNex only partially encrypts files larger than 1MB to speed up the process, which, paradoxically, creates a weakness that can be used to recover files without paying a ransom.
Using the Avast DoNex Decryptor
The decryptor is available for free here and should be downloaded in the 64-bit version to handle the intensive memory requirements of the password-cracking phase. It must be run by a user with administrative rights and requires a sample pair consisting of an encrypted file and its original, unencrypted copy.
Avast recommends using the largest file you have as the sample, as its size determines the maximum file size the tool can decrypt. Also, back up your encrypted files before attempting decryption to prevent potential data loss.
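As an added illustration (not Avast’s tool or code, and not DoNex’s real cipher), the following Python models why the decryptor needs an original/encrypted pair and why the sample’s size bounds what can be recovered. It assumes the “repetitive key usage” possibility mentioned above, i.e. the same stream-cipher keystream reused across files, uses a SHA-256 counter-mode toy keystream as a stand-in for ChaCha20, scales the 1MB partial-encryption cutoff down to 64 bytes, and models the appended RSA-4096-wrapped key as a fixed-length placeholder trailer.

```python
import hashlib
from typing import Optional

PARTIAL_LIMIT = 64   # scaled-down stand-in for the 1MB partial-encryption cutoff
TRAILER_LEN = 512    # placeholder for the appended RSA-4096-wrapped key (4096 bits)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode. Stand-in only, NOT ChaCha20."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "little")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_file(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Encrypt only the first PARTIAL_LIMIT bytes, then append the trailer."""
    n = min(len(data), PARTIAL_LIMIT)
    body = bytes(a ^ b for a, b in zip(data[:n], keystream(key, nonce, n))) + data[n:]
    return body + b"\x00" * TRAILER_LEN   # constructed placeholder, not a real RSA blob


def strip_trailer(encrypted: bytes) -> bytes:
    return encrypted[:-TRAILER_LEN]


def recover_keystream(original: bytes, encrypted: bytes) -> bytes:
    """XOR known plaintext with ciphertext; only the encrypted prefix is informative."""
    body = strip_trailer(encrypted)
    n = min(len(original), PARTIAL_LIMIT)
    return bytes(a ^ b for a, b in zip(original[:n], body[:n]))


def decrypt_with_keystream(ks: bytes, encrypted: bytes) -> Optional[bytes]:
    """Recover a file if the reused keystream covers its encrypted region."""
    body = strip_trailer(encrypted)
    n = min(len(body), PARTIAL_LIMIT)
    if n > len(ks):
        return None   # sample pair was smaller than this file's encrypted region
    return bytes(a ^ b for a, b in zip(body[:n], ks[:n])) + body[n:]


if __name__ == "__main__":
    key, nonce = b"k" * 32, b"n" * 12            # constructed, reused across files
    sample, victim = bytes(range(100)), b"hello world " * 20
    ks = recover_keystream(sample, encrypt_file(sample, key, nonce))
    print(decrypt_with_keystream(ks, encrypt_file(victim, key, nonce)) == victim)
```

A file whose encrypted region is longer than the recovered keystream returns None, which is the scaled-down counterpart of the “largest file determines the maximum decryptable size” advice above.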