Donut group unleashes its own ransomware for double extortion attacks

Share post:

The Donut (D0nut) extortion group has revealed its own ransomware for enterprise double-extortion attacks.

To avoid detection, it sends ransom notes that are heavily abstracted, with all strings encoded and the JavaScript decoding the ransom note in the browser. These ransom notes include various methods for contacting the threat actors, such as TOX and a Tor negotiation site.

For double-extortion attacks, the group is said to use its own customized ransomware. Donut spreads via spam emails (malicious attachments), third-party software download sources (freeware download websites, free file hosting sites, peer-to-peer [P2P] networks, and so on), bogus software updaters, and trojans.

Donut then appends the “.donut” extension to each encrypted file’s name. For instance, “sample.jpg” is renamed “sample.jpg.donut.” Data that has been compromised is rendered useless immediately. Donut changes the desktop wallpaper, opens a pop-up window, and generates a text file (“decrypt.txt”), placing a copy in each existing folder after successfully encrypting data.

A ransom-demand message appears on the desktop wallpaper, pop-up window, and text file. The message, as usual, states that the files have been encrypted and that the victim must purchase a decryption tool to restore them. Donut currently does not specify whether it employs symmetric or asymmetric cryptography; this information is not provided. Decryption, on the other hand, requires a unique key generated for each victim. All keys are hidden on a remote server by developers.

When this occurs, victims are encouraged to pay a ransom in exchange for a ‘decryption tool’ containing the key. The fee is $100, which must be paid in Bitcoin cryptocurrency.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Canadian Cyber Defence Agency Lists India as a Cybersecurity Threat for First Time

Canada's federal cyber defence agency, the Communications Security Establishment (CSE), has identified India as a cybersecurity threat to...

Casting a Hex and Deceptive Delight: Jailbreaking Techniques Targeting AI Models

OpenAI's GPT-4o language model can be tricked into generating exploit code by encoding malicious instructions in hexadecimal, according...

CRA Admits to Massive Underreporting of Cyberattacks

The Canada Revenue Agency (CRA) has acknowledged that tens of thousands of taxpayer accounts were hacked between March...

Apple Launches $1 Million Bug Bounty for Hacking Apple Intelligence Servers

Apple has announced a new bug bounty program offering up to $1 million to individuals who can successfully...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways