Ransomware Group

Donut Leaks

Also known as: D0nut, Donut

Status: active • First seen 2022-08 • 100+ known victims

Donut Leaks does not actually lock up your files - they just steal your data and threaten to post it online. This is sometimes called "extortion-only" ransomware.

Overview

Donut Leaks is an extortion group that focuses purely on data theft without encryption. They steal data and threaten to leak it publicly if victims do not pay.

Target Industries

Education, Healthcare, Government, Non-profit

How They Attack

  • Data exfiltration only
  • No encryption
  • Leak threats
  • Public shaming

Notable Victims

Education institutions (2023), Healthcare providers

How to Protect Against Donut Leaks

  1. Implement data loss prevention monitoring
  2. Monitor for unusual data transfers
  3. Encrypt sensitive data at rest

MITRE ATT&CK Techniques

T1567, T1041, T1078, T1071

Related Groups

Karakurt
