Data Extortion Group Levels Up with their Own Ransomware

The 'Donut Leaks" data extortion group has its own ransomware to fulfill double-extortion campaigns. Operating since August 2022, and have been linked to attacks on DESFA, a natural gas company in Greece, Sheppard Robson a UK architectural organization, and the construction company, Sando. BleepingComputer in following Donut Leak's ransomware operations describes them as having a "flair for theatrics, using interesting graphics, a bit of humor, and even offering a builder for an executable that acts as a gateway to their Tor data leak site." Ransom notes left by the group use graphics art display in ASCII or from the command prompt.