If your computer has been infected with Thanatos Ransomware and you are searching for a free ransomware decryption tool to unlock or decrypt your files, your search is over here.
Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos encrypted files for free without paying any ransom in cryptocurrencies.
Like all ransomware threats, Thanatos encrypts files and asks victims to pay for ransom in multiple cryptocurrencies, including Bitcoin Cash, to decrypt their files.
"Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild," the researchers say.
"Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others."
Once infected, all the encrypted filename extensions on the affected computer are changed to .THANATOS, and then a ransom note pops up whenever the user tries to log on to the system, instructing them to send the ransom money to a hardcoded cryptocurrency wallet address in order to decrypt the files.
However, since Thanatos uses different encryption keys to encrypt each file on an infected system without storing them anywhere, it is impossible for malware authors to return users' data, even if the victims pay the ransom.
Free Thanatos Ransomware Decryption Tool
Cisco researchers analyzed the malware code and found a loophole in the design of the file encryption methodology used by Thanatos, using which they developed a free ransomware decryption tool that will help victims decrypt their files.
Dubbed acquired by Microsoft for $7.5 billion, and works for Thanatos ransomware versions 1 and 1.1.
Since the encryption keys used by Thanatos are derived based upon the number of milliseconds since the system last booted, it was possible for researchers to reverse engineer the logic and re-generate the same 32-bit encryption key using brute force attack and Windows Event Logs.
"Since Thanatos does not modify the file creation dates on encrypted files, the key search space can be further reduced to approximately the number of milliseconds within the 24-hour period leading up to the infection," researchers explain.
"At an average of 100,000 brute-force attempts per second (which was the baseline in a virtual machine used for testing), it would take roughly 14 minutes to successfully recover the encryption key in these conditions."
For more detail about the Thanatos ransomware, you can head on to the detailed blog post published by Cisco Talos today.
How to Protect Yourself From Ransomware Attacks
Most ransomware spread through phishing emails, malicious adverts on websites, and third-party apps and programs. Whether it's Locky, CoinVault, Thanatos, TeslaCrypt, or any other ransomware malware, the protection measures are standard.
To safeguard against such ransomware attacks, you should always be suspicious of uninvited documents sent in an email and never click on links inside those documents unless verifying their sources.
Check if macros are disabled in your MS Office apps. If not, block macros from running in MS Office files from the Internet.
In order to always have a tight grip on all your important documents, keep a good backup routine in place that makes copies of your files to an external storage device which is not always connected to your PC.
Moreover, make sure that you run an active behavioral-based antivirus security suite on your system that can detect and block such malware before it can infect your device, and always remember to keep them up-to-date.