Another ransomware program is infecting computers, and it’s demanding Bitcoin Cash to let users unlock their files. A report at Bleeping Computer highlights the new ransomware, dubbed Thanatos, that was unearthed by security experts at MalwareHunter Team.
What makes this particular infection noteworthy is that it creates an encrypted file, but the key is not saved anywhere. Whether by accident or design, there’s no way to easily unlock a computer once it’s been compromised. Even if you do pay the ransom, it’s unlikely the developers of the malware will ever be able to decrypt your data.
It is possible to use a brute force method to discover the encryption key, however. Users infected with Thanatos are strongly advised not to pay the ransom and instead contact a cyber security firm for assistance.
After a computer is infected, all the encrypted filename extensions are changed to .THANATOS. A ransom note in the form of afile pops up whenever the user tries to log on, demanding $200 in cryptocurrency to decrypt the files.
Thanatos is noteworthy in that it’s the first ransomware scam to accept Bitcoin Cash for payment, along with Bitcoin and Ethereum. Bitcoin Cash is a spin-off of regular Bitcoin caused by a “hard fork” in the currency, similar in practice to a stock split.
Cryptocurrency is quickly becoming the payment method of choice for online extortionists; CCN reports that 34 ransomware schemes netted $25 million over a two-year period. Most criminals were using the Bitcoin exchange BTC-e to redeem their extorted funds. BTC-e has been used to launder money in the past, and several countries have called for legal oversight of the shadowy exchange.
You’ve heard it a hundred times, but it bears repeating: Always back up your data, always update your OS to the latest version, and don’t use the same passwords for multiple applications.