This conference talk from Recon2024 explores how cybersecurity analyst Gijs Rijnders discovered vulnerabilities in the DoNex ransomware that enabled file decryption without paying criminals. Dive into the technical analysis of this recent ransomware operation that has been targeting and naming victims on dark web leak sites. Learn how reverse engineering revealed critical cryptographic flaws that allowed for the development of a free decryption tool, now available through the NoMoreRansom platform - an initiative supported by the Dutch National Police. The presentation details the technical vulnerabilities in DoNex's implementation and demonstrates how proper analysis can undermine ransomware operations, helping victims recover their files without negotiating with cybercriminals. Presented by Gijs Rijnders, a cyber threat intelligence analyst and malware reverse engineer at the Dutch National Police who specializes in ransomware analysis and has published multiple decryption tools.