Thanatos: Newest Ransomware To Combat

As the world becomes more connected via IoT devices and smart phones, the ability of viruses to spread increases as well. Enterprises no longer have only desktop computers to worry about. Frequent use of company devices for personal activities expose a company to risk of ransomware.

Malware is a generalized umbrella term for any malicious software. The term covers everything from your basic viruses through ransomware and scareware. In fact, malware covers anything installed that works against the interests of the computer owner or user.

Including programs automatically installed to prevent piracy and other forms of copying.

Most recently a ransomware program has been exposed that has larger risks than your average ransomware.

Differences in ransom malware

There are a myriad of ransomware styles risking computer and smart devices. And they range in impact against the user and companies affected.

  • Encrypting ransomware: Just as the name suggests, this malware encrypts the user’s data until a ransom is paid. At the time of payment, the user sends an asymmetrical ciphertext which the ransomware author decodes and sends for decryption.
  • Non-encrypting ransomware: This malware does not encrypt data but restricts access to the computer’s data or systems with photographs or by exploiting the web browser. Consumers or companies pay money to unblock the computer. Scareware can be classified in this category.
  • Leakware: This program leaks the computer’s information to the code author, who then requires a ransom or threatens to publish the computer’s data.
  • Mobile ransomware: These programs hit mobile devices and do not encrypt data but create blockers preventing use without payment.

Unfortunately, ransomware is a legitimate concern for both consumers and businesses. Each style of ransomware creates a threat to a company, with mobile ransomware becoming much more prevalent.


Two weeks ago, MalwareHunter Team discovered a new encrypting ransomware named Thanatos. While the ransomware may appear to be like all others, there are two distinct differences.

The first difference, which is more a cryptocurrency side note, is Thanatos is the first ransomware to accept Bitcoin Cash in addition to Bitcoin and Ethereum as payment. Not noteworthy, other than a comment of Bitcoin Cash’s acceptance in the cryptocurrency world.

The second difference is the virus’s record of each file’s encryption key. Namely, there is no record. The computer does not store an asymmetrical ciphertext to send to the extortionist. Which means not even the creator can unlock the encrypted files once the virus has hit a computer.

No one knows for sure if this was an intentional writing of the algorithm, or if the code writer made an error. Either way, once Thanatos hits a computer there is no way to decrypt the files. Some security firms state a brute force method can be used, but that is often outside the abilities of a standard IT department.

Resolution for ransomware

Security firms do not recommend paying the demand regardless the type. In the case of Thanatos, companies cannot decrypt data once the ransom is paid. In most cases of ransomware, there is an ability to remove the threat without having to pay the extortionist. Though the steps can be numerous, it is easily done.

Prevention of a virus is the best option, though. Ensuring your company has up to date virus detection is key. Also, ensuring all operating systems and programs are up to date is important. Often systems and programs will release patches for new risks not publicized. If your systems are out of date, so is your protection.

Also, cover the basics of security. Ensuring passphrases regularly expire and following protocol is as important as up to date programs and systems. And of course, remind all computer and mobile device users to not open attachments they do not recognize. Other than WannaCry, which was deployed by botnets, the preferred method of ransomware delivery is still the email attachment.

And above all else, ensure your data is backed up regularly.

Ultimately, regular scans and monitoring, as well as educating staff about what to look for, can prevent time consuming recovery. And in the case of Thanatos, a very costly recovery.

Say goodbye to downtime and hello to new opportunities.