Getting hit by a ransomware attack is bad enough; it means that your files have been encrypted and you’ll be asked to pay a fee in a cryptocurrency such as Bitcoin or Ethereum to unlock them. The problem is that paying the ransom is in no way a guarantee that your files will be decrypted — the ransomware was created by criminals, after all.
If you’ve been struck by the Thanatos ransomware, however, there’s good news from Cisco Talos. The company has analyzed the malware and developed a free decryption tool that will enable you to get your files back without having to part with any money.
Cisco Talos says that this particular example of ransomware is something of a slippery beast. “Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild. Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.”
Thanatos appears to be in active development, and this helps to explain why so many variants have been found in the wild. Going on to explain why there was such interest in creating a free decryption utility, the company says:
Additionally, due to issues present within the encryption process leveraged by this ransomware, the malware authors are unable to return the data to the victim, even if he or she pays the ransom. While previous reports seem to indicate this is accidental, specific campaigns appear to demonstrate that in some cases, this is intentional on the part of the distributor. In response to this threat, Talos is releasing ThanatosDecryptor, a free decryption tool that exploits weaknesses in the design of the file encryption methodology used by Thanatos. This utility can be used by victims to regain access to their data if infected by this ransomware.
If you have data that has been encrypted by Thanatos, you can download ThanatosDecryptorfrom GitHub.
The company has a detailed blog post about its investigation into the ransomware which you can find here.
Original Source: https://betanews.com/ By Mark Wycislik-Wilson. June 26, 2018 Copyright Image: CanalTech