Thanatos ransomware is a malware which encrypts files it appends the.THANATOS extension to them. Once the encryption is completed, the malware connects to a specific URL to written report the infection. It locks information amongst AES cryptography to withdraw a ransom. Even though users whose computers are infected amongst this malicious programme are unable to perish dorsum the access to the encrypted information without paying the ransom, directly experts stimulate got released a costless decryption software.
Thanatos is distinct from many other forms of ransomware inward that it doesn't withdraw a payment inward bitcoin, but is known instead to asking ransoms paid inward other cryptocurrencies including Bitcoin Cash, Zcash in addition to Ethereum.
The experts from Cisco Talos believe the malware is beingness actively developed, it was beingness distributed every bit attachments to chat messages sent via Discord every bit multiple versions of it stimulate got been released inward the months since February. The initial Thanatos 1 version demanded its victims to pay the ransom inward Bitcoins. However, Thanatos version 1.1 of this malicious programme stimulate got other cryptocurrencies for the transactions every bit well:
“Unlike other ransomware usually beingness distributed, Thanatos does non withdraw ransom payments to last made using a unmarried cryptocurrency similar bitcoin. Instead, it has been observed supporting ransom payments inward the cast of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) in addition to others.”
The experts observed several variants of the malware, the starting fourth dimension ones were using the same Bitcoin address for all the victims in addition to the payment processing was manual afterwards the victims were instructed to ship an electronic mail to the crooks.
