Be aware! Thanatos Ransomware infects victims and doesn’t decrypt anything after the ransom is paid

Ransomware cybercriminals continue to release new strains that cause new cybersecurity problems, in most cases, this strains are not tested well and contain bugs that may make it impossible, for victims to recover their files. The new wild ransomware named Thanatos is one of this bug ransomware.

When the Thanatos Ransomware infects a victim, it will use a new key for each encrypted file. The problem, according to our cybersecurity researchers, is that these keys are never saved anywhere, meaning that if a user pays the ransom, the ransomware cybercriminals do not have a method that will be able to decrypt each file.
This ransomware introduces something new; it is the first ransomware to accept Bitcoin Cash as a ransom payment.

How Thanatos Ransomware attack a Computer
When the Thanatos Ransomware encrypts a computer it will generate a new encryption key for every file encrypted. These encryption keys are not saved anywhere and thus according to our cybersecurity researchers it would not be possible for the victims to decrypt the files even if a ransom payment is made.
The encrypted files are using “.THANATOS” extension to an encrypted file’s name.
We add a short reminder for everyone! This kind of threats are widespread nowadays and can be easily avoided by using a cybersecurity solution like an antivirus for Windows or antivirus for Mac, depending on which OS your device is using.

Thanatos Encrypted Files
After hitting a target, it will connect to URL to keep track of the number of victims that have been infected.
In the end, it will generate an autorun key named: Microsoft Update System Web-Helper that will open the README.txt ransom note every time a user logs in.
This ransom note contains instructions to send a USD 200 ransom in Bitcoin, Ethereum, or Bitcoin Cash addresses. Thanatos cybercriminal contact address is [email protected]

How to protect yourself from the Thanatos Ransomware
To stay safe and secured from this kind of cybersecurity problems like ransomware, it is essential to use good computing habits and a stable cybersecurity solution like an antivirus.
Companies should also have an extra cybersecurity solution like software that incorporates behavioral detections to combat ransomware and not just signature detections that are used in most antivirus solutions.

For any company and individual that wants to be fully protected against any cybersecurity problem, please follow this cybersecurity habits:
• Always Backup as often as possible!
• Do not open attachments if the sender is unknown.
• Do not open attachments until the known sender is verified.
• Scan attachments with a robust cybersecurity solution like an antivirus for Mac or an antivirus for Windows, depending on which OS your device is using.
• Make sure all updates are installed as soon as they come out! Also make sure you update all other apps, especially Java, Flash, and Adobe Reader.
• For companies only: Schedule trimestrial professional cybersecurity checkups by hiring a company specialized in offering such cybersecurity assistance like penetration testing and ethical hacking
• Always use hard passwords and never reuse the same password at multiple sites.

Ransom Note Text:
________ _____ _ _____ __________ _____
/_ __/ / / / | / | / / |/_ __/ __ \/ ___/
/ / / /_/ / /| | / |/ / /| | / / / / / /\__ \
/ / / __ / ___ |/ /| / ___ |/ / / /_/ /___/ /
/_/ /_/ /_/_/ |_/_/ |_/_/ |_/_/ \____//____/
Thanatos v1.1
Your files was encrypted. To decrypt your files,
follow next steps:
1. Send $200 to one of these wallets:
BTC: 1HvEZ1jZ7BWgBYPxqCvWtKja3a9hsNa9Eh
ETH: 0x92420e4D96E5A2EbC617f1225E92cA82E24B03ef
BCH: qzuexhcqmkzcdazq6jjk69hkhgnme25c35s9tamz6f
2. Send your TXID and your MachineID to mail
E-Mail: [email protected]
MactineID: 6bfd5faf-54f4-4620-a82d-4558a9132a25

Do not waste your time, files can only be
decrypted by our decode tool.
Email Addresses:
[email protected]
Associated Files:
Associated Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Microsoft Update System Web-Helper” = “C:\Windows\System32\notepad.exe %UserProfile%\Desktop\README.txt”