A ransomware strain (a program that encrypts the data on the affected computer) has become notorious among malicious programs of this type because the infected files cannot be decrypted even after the ransom, which must be paid in Bitcoin Cash (BCH), has been paid.
Bleeping Computer, a computer resource and help site, reported the apparent anomaly in Thanatos, the name given to this malware, which was first discovered by the cybersecurity researcher MalwareHunterTeam. The site warned users not to pay the ransom, because their files will remain encrypted even after they pay and contact the extortionists for help with decryption.
Per the report, once Thanatos infects a victim’s computer, it uses a new key for every file it encrypts and replaces the file’s extension with .THANATOS. It then connects to the Internet to add the victim to a tracking record and prompts the victim to pay $200 in Bitcoin Cash, a notable feat that makes it the first ransomware to accept payment in Roger Ver’s coin (although the ransom can also be paid in Bitcoin or Ethereum). Apart from that distinction, and up to this point, it does not differ from other types of ransomware.
The problem comes at the decryption phase. According to Bleeping Computer, the keys the program uses are not stored anywhere, which leaves people unable to recover their files even after sending the ransom and contacting the malware developer. “Therefore, it is not recommended that victims pay the Thanatos ransom for any reason,” reads the report.
However, the report also explains that it may be possible to find all the keys by brute force and recover the infected files, and it recommends that people affected by Thanatos contact the site to discuss the possibility of creating a brute-force program.
Ransomware has become quite popular nowadays, thanks in part to the anonymity that cryptocurrencies provide to their users. Although any payment sent to one of these addresses is traceable, because the blockchain is essentially a public ledger, the address owner can enjoy partial-to-full anonymity, which makes the chase a difficult one for law enforcement officers.
In May 2017, a group of hackers set off alarms about Bitcoin worldwide with the infamous WannaCry ransomware, which affected more than 200,000 computers across 150 countries. A month later, a similar attack was launched with Petya, another ransomware that encrypted the computers of victims located in Europe, most notably those belonging to the Ukrainian government. Both malware strains demanded a payment of $300 in exchange for a decryption
Finally, Bleeping Computer advises users to stay away from unknown attachments, back up their most important files to external devices, use strong passwords, keep their systems up to date and use anti-malware programs.