Date: 2022-11-23

The Donut Leaks extortion group, which was first discovered in August this year, is now conducting ransomware attacks as well.

The Donut Leaks extortion group, which was discovered in August this year, was known for its leaks, as its name suggests. According to BleepingComputer, the group is now also deploying ransomware after breaching its targets, transitioning into double-extortion attacks.

The Donut Leaks extortion group was known for its attacks on the Greek gas company DESFA, the UK architectural company Sheppard Robson, and the construction company Sando in August this year. After those attacks, Donut Leaks posted the stolen data, but the data also appeared on many other ransomware operations' websites. This means Donut Leaks might be an affiliate of several operations.

Now, the newest Donut attacks include an encryptor, making the group capable of conducting ransomware attacks as well. This custom ransomware enables the Donut gang to conduct double-extortion attacks. The ransomware checks for specific extensions to encrypt, but it also avoids some file and folder names such as Edge, Chrome, AllUsers, Windows, and some .ini files. Once encrypted, the files gain the .d0nut extension.
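As an added illustration (not from the article or from BleepingComputer), the sketch below turns the two behaviours described above into defensive checks: flagging hosts that show a burst of renames to .d0nut, and verifying that decoy files are not placed where the encryptor would skip them. The log format, host names, thresholds and the exact matching rule for skipped names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# From the article: encrypted files gain this extension; these names are skipped.
ENCRYPTED_EXT = ".d0nut"
SKIPPED_NAMES = {"edge", "chrome", "allusers", "windows"}

def canary_is_useful(path):
    """True if a decoy file at `path` sits where the encryptor would not skip it."""
    # Assumption: skip names match whole path components, case-insensitively,
    # and every .ini file is treated as skipped.
    p = PureWindowsPath(path)
    if p.suffix.lower() == ".ini":
        return False
    return not any(part.lower() in SKIPPED_NAMES for part in p.parts)

def parse_event(line):
    """Constructed log format: ISO time, host, old path, new path (tab-separated)."""
    ts, host, old, new = line.rstrip("\n").split("\t")
    return datetime.fromisoformat(ts), host, old, new

def detect_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Hosts with at least `threshold` renames to .d0nut inside one `window`."""
    per_host = defaultdict(list)
    for line in lines:
        ts, host, _old, new = parse_event(line)
        if PureWindowsPath(new).suffix.lower() == ENCRYPTED_EXT:
            per_host[host].append(ts)
    flagged = set()
    for host, stamps in per_host.items():
        stamps.sort()
        # Slide over sorted timestamps: any `threshold` hits inside the window?
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.add(host)
                break
    return flagged

# Constructed sample events (hosts and paths are made up, not from the article).
SAMPLE = ["\t".join(e) for e in [
    ("2022-11-23T10:00:01", "ws-01", r"C:\Share\a.docx", r"C:\Share\a.docx.d0nut"),
    ("2022-11-23T10:00:03", "ws-01", r"C:\Share\b.xlsx", r"C:\Share\b.xlsx.d0nut"),
    ("2022-11-23T10:00:09", "ws-01", r"C:\Share\c.pdf", r"C:\Share\c.pdf.d0nut"),
    ("2022-11-23T09:00:00", "ws-02", r"C:\Lab\s1.bin", r"C:\Lab\s1.bin.d0nut"),
    ("2022-11-23T11:00:00", "ws-02", r"C:\Lab\s2.bin", r"C:\Lab\s2.bin.d0nut"),
    ("2022-11-23T13:00:00", "ws-02", r"C:\Lab\s3.bin", r"C:\Lab\s3.bin.d0nut"),
    ("2022-11-23T13:05:00", "ws-02", r"C:\Lab\draft.txt", r"C:\Lab\final.txt"),
]]
```

Here `detect_bursts(SAMPLE)` flags only ws-01, because the three .d0nut renames on ws-02 are hours apart and fall outside the 60-second window.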

Administrators should keep an eye on the Donut gang in order to avoid becoming a victim of double-extortion attacks.