Chocotopia Hit by DoNex Ransomware Attack

Chocotopia has reportedly been compromised by the DoNex ransomware group. The attack allegedly exfiltrated 33 GB of miscellaneous data, including personal documents, pictures, invoices, and more. Chocotopia is a Czech-Belgian family-owned company with a long tradition in the chocolate industry. For over two decades, it has been producing and delivering the finest Belgian chocolate to our customers in the Czech Republic, Belgium, and other European countries.

Who is DoNex?

DoNex is a new ransomware group actively targeting entities in the United States and Europe. The group has begun listing companies as its victims on its dark web portal, accessible via the Onion network. The group’s tactics are especially insidious, employing a double-extortion method, which encrypts files, which are then appended with a unique VictimID extension. The group also exfiltrates sensitive data and holds it hostage to leverage additional pressure on the victims to pony up the ransom.

How DoNex Operates

In line with the typical behavior of ransomware groups, after encrypting the files, DoNex generates a ransom note on the victim's computer. This note usually appears as either a text file or a pop-up window and includes detailed instructions on how to pay the ransom to get the decryption key. Victims have discovered ransom notes named Readme.VictimID.txt on their systems, which instruct them to establish contact with the DoNex group through Tox messenger, a peer-to-peer instant messaging service known for its security and anonymity features.