MalwareHunterTeam — a security group that helps victims detect ransomware on their PCs — has discovered a new ransomware threat. Known as Thanatos, the malware is thought to be the first to demand bitcoin cash (BCH) in return for decrypting your data.
Subscribe to the Bitsonline YouTube channel for more great interviews featuring industry insiders & experts
Bitcoin Cash Not a Favorite for Illicit Activities
Ransomware developers have typically demanded cryptocurrencies such Monero and Zcash from their victims. Monero and Ccash have been labeled “criminal currencies” because of their prolific use in illicit activities – a direct product of their privacy credentials. Mobile ransomware is reported to have seen a sharp increase in 2017, sparking moves by Kaspersky to create the No More Ransomware project.
Thanatos marks the first known shift toward bitcoin cash for ransomware developers.
The bleepingcomputer blog states:
“While the encryption part of Thanatos is a mess, the ransomware does introduce something new. That is being the first ransomware to accept Bitcoin Cash as a ransom payment.”
Controversial Beginnings and Darknet Connections
In December last year, bitcoin cash was added to Dream Market — a Silk Road-esque darknet portal that is popular for buying and selling drugs. At the time, BCH was integrated into the portal because bitcoin was struggling with high transaction fee issues.
BCH has been a controversial cryptocurrency since it forked from Bitcoin on August 1st, 2017. It has proven divisive in the cryptocurrency space, with some supporting the currency and others continuing to back bitcoin. BCH proponents believe the currency is truer to the spirit of the original Satoshi Nakamoto vision.
Thanatos Is Clumsy Ransomware – Don’t Pay
Not only are the Thanatos developers unique in accepting bitcoin cash (as well as bitcoin and ether), they also have no way of decrypting your files.
Each encrypted file is granted a new key and is affixed with a .THANATOS extension. The developers of the malware do not have access to those keys. Therefore, malware researcher Francesco Muroni advises victims not to pay the ransom, suggesting it may be possible to brute force the encryption keys.
In fact, according to a report from Barkly, a security firm that provides endpoint malware protection, 20 percent of ransomware victims are unable to retrieve their files after paying a ransom.
This statistic serves to highlight the need to backup your files and protect your system using good security habits to prevent ransomware before it happens.
Have your say. Have you ever been a victim of ransomware? Describe your experience in the comments below.
Images via Pixabay