
Security researchers at Cisco Talos have discovered a weakness in the Thanatos ransomware code that makes it possible for victims to unlock their Thanatos-encrypted files for free, without paying any ransom in cryptocurrency.

“Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild,” the researchers say.

“Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.”

However, since Thanatos uses different encryption keys to encrypt each file on an infected system without storing them anywhere, it is impossible for malware authors to return users’ data, even if the victims pay the ransom.

Free Thanatos Ransomware Decryption Tool

Dubbed ThanatosDecryptor, the free, open-source decryption tool can be downloaded from GitHub (which has recently been acquired by Microsoft for $7.5 billion) and works for Thanatos ransomware versions 1 and 1.1.

“Since Thanatos does not modify the file creation dates on encrypted files, the key search space can be further reduced to approximately the number of milliseconds within the 24-hour period leading up to the infection,” researchers explain.

“At an average of 100,000 brute-force attempts per second (which was the baseline in a virtual machine used for testing), it would take roughly 14 minutes to successfully recover the encryption key in these conditions.”
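The two quotes above describe why recovery is feasible: if a file key is derived from a millisecond timestamp and the file's creation time is left intact, the defender only has to try the timestamps in the window before that creation time, and the page's figures (86,400,000 milliseconds in a day at 100,000 attempts per second) give the quoted 14 minutes. The following Python is an added, constructed toy model of that weakness and of a defender-side key search; it is not Thanatos's code and not Talos's ThanatosDecryptor. The key derivation (SHA-256 of the timestamp), the HMAC-based stream cipher, the known-plaintext check against a file's magic bytes, and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed, illustrative model (NOT Thanatos's actual code): every file key is
# derived from a millisecond timestamp, so the effective key space is just the
# number of milliseconds in the window the key could have been generated in.
MS_PER_DAY = 24 * 60 * 60 * 1000  # 86,400,000 candidate keys in a 24-hour window


def key_from_timestamp_ms(ts_ms: int) -> bytes:
    """Toy derivation: a 32-byte key that depends only on a millisecond timestamp."""
    return hashlib.sha256(struct.pack("<Q", ts_ms)).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy stream cipher for the demo)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack("<Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_with_timestamp(plaintext: bytes, ts_ms: int) -> bytes:
    """Encrypt as the toy model would: the key comes from the time in milliseconds."""
    key = key_from_timestamp_ms(ts_ms)
    return xor_bytes(plaintext, keystream(key, len(plaintext)))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor_bytes(ciphertext, keystream(key, len(ciphertext)))


def recover_key(ciphertext: bytes, known_prefix: bytes, created_ts_ms: int,
                window_ms: int = MS_PER_DAY):
    """Defender-side key search.

    Walk backwards from the encrypted file's creation timestamp (left unmodified,
    as the article notes) through the window, derive each candidate key and test
    it against known plaintext such as the file format's magic bytes.
    Returns (timestamp, key) on success, or None if the window holds no match.
    """
    n = len(known_prefix)
    head = ciphertext[:n]
    for ts in range(created_ts_ms, created_ts_ms - window_ms, -1):
        key = key_from_timestamp_ms(ts)
        if xor_bytes(head, keystream(key, n)) == known_prefix:
            return ts, key
    return None


def search_time_seconds(window_ms: int = MS_PER_DAY,
                        attempts_per_second: int = 100_000) -> float:
    """Worst-case search time implied by the article's figures: 864 s (about 14.4 min)."""
    return window_ms / attempts_per_second


if __name__ == "__main__":
    # Constructed sample: a PDF-like file whose first bytes are predictable.
    sample = b"%PDF-1.7\n% constructed sample document body\n"
    created = 1_700_000_000_000   # constructed file creation time, in ms
    key_time = created - 4_321    # key generated about 4.3 s before the file was written
    blob = encrypt_with_timestamp(sample, key_time)
    found = recover_key(blob, b"%PDF-", created, window_ms=10_000)
    assert found is not None and decrypt(blob, found[1]) == sample
    print(f"recovered key timestamp {found[0]}; full-day search ~{search_time_seconds():.0f} s")
```

The search walks backwards from the creation time because the key is most likely to have been generated shortly before the file was written; a real decryptor would verify a candidate against more than five known bytes (or a full-file checksum) to rule out false positives, and would also have to handle files whose creation time was itself rewritten by copying or restoring from backup.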

How to Protect Yourself From Ransomware Attacks

To safeguard against such ransomware attacks, always be suspicious of unsolicited documents sent by email, and never click links inside those documents unless you have verified their source.

Check if macros are disabled in your MS Office apps. If not, block macros from running in MS Office files from the Internet.

To keep control of your important documents, maintain a regular backup routine that copies your files to an external storage device that is not permanently connected to your PC.

Moreover, run an active behaviour-based antivirus suite that can detect and block such malware before it infects your device, and keep it up to date.

Source: thehackernews