Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor

This blog post was authored by Edmund Brumaghin, Earl Carter and Andrew Williams.

Executive summary

Cisco Talos has analyzed Thanatos, a ransomware variant that is being distributed via multiple campaigns conducted over the past few months. As a result of our research, we have released a new, free decryption tool to help victims recover from this malware. Multiple versions of Thanatos have been leveraged by attackers and distributed in the wild, indicating that this is an evolving threat that continues to be actively developed. Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.

Additionally, due to issues present within the encryption process leveraged by this ransomware, the malware authors are unable to return the data to the victim, even if he or she pays the ransom. While previous reports seem to indicate this is accidental, specific campaigns appear to demonstrate that in some cases, this is intentional on the part of the distributor. In response to this threat, Talos is releasing ThanatosDecryptor, a free decryption tool that exploits weaknesses in the design of the file encryption methodology used by Thanatos. This utility can be used by victims to regain access to their data if infected by this ransomware.


