Security & Compliance Automation Platform
UnderDefense MAXI is the solution to day-to-day cybersecurity problems of IT leaders and teams. It builds your 24/7 business protection together with you on the driver’s seat.
UnderDefense MAXI Platform
UnderDefense Secures Top Honor at the 2025 Global Infosec Awards
We’re proud of being a winner at the 2025 Global Infosec Awards…
10-Point AWS Security Checklist for Executives
Quickly assess your cloud security posture with this executive-ready checklist covering IAM, monitoring, and compliance essentials.
Anti-Phishing Playbook
Your free PDF guide to spotting and stopping phishing attacks before they reach your team or data.
24/7 Threat Detection & MAXImum Responsiveness
Our human-led MDR service combines expert insight and automation and AI for fast, precise threat response. Get full context in 2 minutes and cut MTTC to 15, staying ahead of ransomware and other attacks.
Calculate your MDR price
Pay only for the services you actually need, with no hidden costs.
10-Point AWS Security Checklist for Executives
Quickly assess your cloud security posture with this executive-ready checklist covering IAM, monitoring, and compliance essentials.
Anti-Phishing Playbook
Your free PDF guide to spotting and stopping phishing attacks before they reach your team or data.
Spot threats faster and respond smarter than tools alone
24/7 MDR and SOC services led by award-winning security experts. We act as an extension to your team or as a fully remote team, providing detailed threat insights and actionable responses to secure your environment immediately.
UnderDefense is an AWS Partner
We’re excited to announce that UnderDefense is now an AWS partner and available on AWS Marketplace…
Managed SOC at Your Service
Augment your SOC with 24/7 monitoring, threat detection, and expert response—without the overhead. Integrated with your existing tools, our SOCaaS stops attacks before they cause harm.
Managed SIEM Pricing Guide
Download a clear, practical overview of Managed SIEM pricing, featuring detailed breakdowns by service type, pricing model, real-world pros and cons, and key cost factors.
Managed SOC at Your Service
Augment your SOC with 24/7 monitoring, threat detection, and expert response—without the overhead. Integrated with your existing tools, our SOCaaS stops attacks before they cause harm.
Managed SIEM Pricing Guide
Download a clear, practical overview of Managed SIEM pricing, featuring detailed breakdowns by service type, pricing model, real-world pros and cons, and key cost factors.
D0Glun ransomware recovery team on standby
D0Glun is an emerging ransomware group active in 2024–2025, deploying a double-extortion model against mid-market targets and operating a Tor-based leak site to maximise payment pressure. Isolate affected systems immediately and contact UnderDefense's incident response team — do not attempt self-remediation or negotiation without expert support.
Average Mttc
Ransom-Free recovery rate
Avoided in ransom
Global availability
Systems restored
IR experts
Ransomware cases resolved
IR experience
Do NOT attempt any self-remediation, as it can trigger further encryption and destroy recovery points. Instead, follow these steps:
Contact us now for urgent ransomware response assistance, 24/7
Get Help Now
Accomplishments and recognitions, demonstrating our commitment to excellence and innovation.
Momentum Leader in MDR
Best Support in MDR & IR
Managed Detection and Response (MDR)
Top Cybersecurity Company 2025
Best Managed Detection and Response Service
#4 of 184 teams Splunk Boss of the SOC
Best Of Cybersecurity Awards for Q1 2025
AWS Partner
Splunk Manage Premier Partner
Like a crime scene, a ransomware attack must be preserved — tampering with encrypted files, attempting self-recovery, or engaging with attackers can destroy critical evidence and reduce your chances of recovery.
Taking the right steps in the first moments after a D0Glun attack can make a huge difference and help you make a full recovery. Request 24/7 D0Glun ransomware recovery services to decrypt your data and maximize your chances of restoring operations.
D0Glun infections display .d0glun file extension and ransom notes named D0GLUN_NOTICE.txt or similar. Initial compromise traces to phishing, credential theft, and internet-facing application exploitation. Standard ransomware behavior: AES-256 encryption and data exfiltration.
AES-256-CBC with RSA-2048 key wrapping.
RaaS platform with affiliate recruitment. Operators maintain malware and infrastructure; affiliates source targets through phishing and exploitation.
Dual extortion: file encryption plus data publication threats. Standard leak site with victim names and data samples. 7–10 day countdown to public disclosure.
Windows-primary targeting.
D0GLUN_NOTICE.txt with Tor contact, Bitcoin wallet, victim ID, and payment deadline.
No decryption tool available.
File Extensions
.d0glun
Ransom Note Filenames
D0GLUN_NOTICE.txt, D0GLUN_README.txt
D0Glun Hashes
Limited samples. Process names: d0glun.exe, payment.exe.
D0Glun Tools
– EDR Disabling: Windows Defender disable
– Credential Dumping: Mimikatz, registry extraction
– Reconnaissance: Network enumeration
– Exfiltration: Rclone, FTP, cloud storage
– Lateral Movement: Pass-the-Hash, SMB, RDP
– Malware: Standard delivery trojans, backdoors
Most Common Red Flag
PowerShell script execution, Rclone cloud sync, unusual service creation, privilege escalation attempts.
Attack vector | % of D0Glun incidents | Notes |
Phishing | 50% | Credential stealer delivery |
RDP Brute Force | 35% | Weak credentials |
Unpatched Apps | 15% | RCE vulnerabilities |
3–8 documented victims. Ransom demands: $30K–$500K. Payment rate: 20–30%.
Eliminate attacker access: revoke credentials, remove persistence, scan backdoors, restore from backups.
Recovery depends on backups. Organizations with 3-2-1 backups recover in 1–5 days.
Documented demands: $30,000–$500,000. Average settlement: $75,000–$200,000.
10 reasons why you should choose the UnderDefense ransomware recovery consulting services:
Get Help NowD0Glun is an emerging RaaS operation (2024–2025) using AES-256-CBC encryption with RSA-2048 wrapping. The group operates a public leak site and recruits affiliates through dark web forums.
D0Glun operates with standard RaaS methodology similar to contemporaries (Ailock, Cs-137). Distinguishing characteristics remain minimal; the group represents interchangeable early-stage affiliate-driven ransomware.
No specialization documented. Victims span finance, manufacturing, and professional services. Targeting appears opportunistic.
No public decryption tool exists.
Data publication on leak site. Follow-through rate unknown due to limited victim base.
1) Email security with sandboxing; 2) Patch internet-facing applications; 3) MFA on access; 4) EDR deployment; 5) Offline backups; 6) Security assessments.
1) Isolate systems; 2) Revoke credentials; 3) Scan for backdoors; 4) Preserve forensic evidence; 5) Notify law enforcement; 6) Verify backup integrity; 7) Begin recovery; 8) Monitor for re-compromise; 9) Post-incident, audit access logs.
The RaaS model enables low-cost market entry: purchase malware code, lease infrastructure, recruit affiliates. Multiple groups emerge because barriers to entry are minimal; competition in affiliate networks intensifies.
Most emerging groups either consolidate (acquired by larger operations), collapse (operational failures), or merge with other groups. Approximately 70–80% of emerging ransomware operations fail within 12 months. Those that survive typically become established threats.