Thanatos - First Ever Bitcoin Cash Ransomware Doesn’t Even Decrypt Your Files!

Mar 03 2018

Over the past few years, there has been a significant rise in the number of cryptocurrency-based cybercrime activities. Up until a few years ago, ransomware was an unheard-of term. Malware and spyware plagued the world of computers and technology, but the arrival of cryptocurrency-based ransomware took things to the next level. Cryptocurrencies make it practically impossible to trace the recipient of a payment, which makes them the ideal mode of payment for ransomware attacks. Thanatos is the first ever Bitcoin Cash ransomware.

For those who may not be aware of what ransomware is, it is basically a malicious program which encrypts the files on your PC and does not allow you to access them until you pay a certain amount of cryptocurrency to a given address. After the payment, a ‘decryption key’ is provided to the user, with which the files can be recovered.

That, however, is the usual way ransomware works. This Bitcoin Cash ransomware, Thanatos, has an evil twist to it: even after you make the payment, the files do not get decrypted! This is due to a bug in the decryption algorithm that prevents the files from being decrypted. This report comes from a security researcher, MalwareHunterTeam.

Basically, when the Thanatos malware infects your PC, it encrypts the files and generates a key for each encrypted file. However, these keys are not saved anywhere, which makes it practically impossible to decrypt and recover the files. At this point in time, it is still unclear whether this is something the creator of the ransomware did on purpose or the result of a bug. While the Thanatos ransom note warns that “files can only be decrypted by our decode tool,” this is clearly not the case, as reported by a number of victims.

A report from Bleeping Computer, which was the first to report on this ransomware attack, states: “This ransom note contains instructions to send a $200 USD ransom payment to one of the listed Bitcoin, Ethereum, or Bitcoin Cash addresses. The user is then instructed to contact thanatos1.1@yandex.com with their unique victim ID in order to receive a decryption program.”

Apart from the fact that your files cannot be recovered, a noteworthy point here is that Thanatos is the first instance of a major ransomware accepting ransom in Bitcoin Cash. Ransomware attacks have been on the rise over the past few years. A report from Google states that over just the past two years, ransomware attacks have resulted in ransom payments of $25 Million.

With these attacks on the rise, security researchers have been advising users to back up their files regularly. Moreover, it is in users' best interest not to open or download attachments from unknown e-mail addresses, as this is usually how ransomware spreads. As of this writing, there is practically no way to recover files encrypted by the Thanatos ransomware; even the team of hackers which developed Thanatos, in all probability, cannot recover the files.