Even if the victim will pay developers the blackmailer a ransom to recover data this does not help.
Information security specialist MalwareHunterTeam have discovered a new ransomware Thanatos. Malvar distinguished not only poorly written code and bugs, which restore the user data is probably impossible, but the fact that this is the first extortionist receiving the ransom in Bitcoin cryptocurrency Cash.
The researchers write that Thanatos is another vivid example of the fact that virus writers often release “on the market” poorly written and clearly not tested the products. Thus, according to the independent expert Muroni Francesco (Francesco Muroni), Thanatos encrypts each user a private key file by changing their extension to .THANATOS. However, these keys are not stored literally anywhere. In fact, even if the victim will pay developers the blackmailer a ransom to recover data this does not help.
However, studying the malware, Moroni expressed the hope that the encryption keys for each file it is theoretically possible to pick up using a conventional brute-force attack, although this process will take time. Specialists claim that users affected by Thanatos, can ask for help in the forum Bleeping Computer.
Because from a technical point of view Thanatos does not represent special interest for experts, they draw attention to the fact that the authors of the ransomware accepts payment in Bitcoin Cash, making Thanatos malware the first of its kind. Victims of Cypher a choice of three options for payment of the repurchase: the $ 200 can be transferred to the wallet of Bitcoin, Ethereum and Bitcoin Cash.
Although Ethereum too, is hardly popular among cybercriminals cryptocurrency, this payment method still met earlier. Thus, the authors of the blackmailer HC7, discovered in the beginning of 2018, also offers its victims to pay a ransom of Ethereum, despite the existence of a more anonymous cryptocurrency (e.g. Monero and DASH).