If your computer is infected with Thanatos Ransomware and you are looking for a free Thanatos ransomware decryption tool to unlock or decrypt your files, your search is complete.
Cisco Talos security researchers have discovered a weakness in the Thanatos ransomware code that allows victims to unlock their encrypted files for free with a Thanatos ransomware decryption tool, without paying any ransom in cryptocurrency.
Like all ransomware threats, Thanatos ransomware encrypts files and asks victims to pay ransom in several crypto-currencies, including Bitcoin Cash, to decrypt their files.
“Several versions of Thanatos have been exploited by attackers, indicating that it is an ever-evolving threat that continues to be actively developed by threat actors with several versions distributed in the wild,” say researchers.
“Unlike other generally distributed ransomware, Thanatos does not require any surrender payments for use with cryptocurrency like Bitcoin, but it has been observed that it backs up the cashback payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.”
Once a computer is infected, Thanatos changes the extension of every encrypted file to .THANATOS, and a ransom note is displayed each time the user tries to access the system, asking them to send the ransom money to a hardcoded cryptocurrency address to decrypt the files.
However, since Thanatos uses a different encryption key for each file on an infected system and does not store the keys anywhere, it is impossible for the malware authors to return user data, even if victims pay the ransom.
Free Thanatos ransomware decryption tool
Cisco researchers analyzed the malicious code and found a flaw in the design of the file encryption methodology used by Thanatos. Using that flaw, they built a free tool that helps ransomware victims decrypt their files.
Dubbed ThanatosDecryptor, the free, open source ransomware decryption tool can be downloaded from the GitHub website, which was recently acquired by Microsoft for $7.5 billion, and it works with versions 1 and 1.1 of Thanatos ransomware.
Since the encryption keys used by Thanatos ransomware are derived from the number of milliseconds since the system was last booted, the researchers were able to reverse the logic and regenerate the same 32-bit encryption key using a brute-force attack and Windows Event Logs.
“Because Thanatos does not change the creation dates of encrypted files, the search key area can be further reduced to about the number of milliseconds before the 24-hour period that leads to infection,” say the researchers.
“With an average of 100,000 brute force attempts per second (which was the baseline in a virtual machine used for testing), it would take about 14 minutes to successfully restore the encryption key under these conditions.”
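The recovery idea described above, as an added Python sketch that is not code from ThanatosDecryptor or from Cisco Talos: a key that depends only on a millisecond uptime counter can be found by trying every counter value in a bounded window and checking the result against a known file header. The `keystream` cipher is a stand-in, not Thanatos's algorithm, and the sample file, the `UPPER_BOUND_MS` value and all function names are assumptions constructed for illustration.

```python
import hashlib

PNG_MAGIC = bytes.fromhex("89504e470d0a1a0a")  # known plaintext: fixed PNG file header
MS_PER_DAY = 24 * 60 * 60 * 1000               # seeds to try for a 24-hour window

def keystream(seed: int, n: int) -> bytes:
    # Stand-in cipher (assumption, NOT Thanatos's algorithm): up to 32 keystream
    # bytes that depend only on a 32-bit seed.
    return hashlib.sha256(seed.to_bytes(4, "little")).digest()[:n]

def toy_encrypt(plaintext: bytes, uptime_ms: int) -> bytes:
    # Models the flaw: the only secret is the millisecond uptime counter.
    ks = keystream(uptime_ms & 0xFFFFFFFF, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

def recover_seed(ciphertext: bytes, magic: bytes, latest_uptime_ms: int, window_ms: int):
    # Walk backwards from the latest plausible uptime; a candidate is correct when
    # decrypting the first bytes yields the file type's known header.
    head = ciphertext[:len(magic)]
    for seed in range(latest_uptime_ms, max(latest_uptime_ms - window_ms, -1), -1):
        ks = keystream(seed, len(magic))
        if bytes(c ^ k for c, k in zip(head, ks)) == magic:
            return seed
    return None  # seed lies outside the window: widen it or re-check the boot time

def estimate_minutes(window_ms: int, attempts_per_second: int) -> float:
    # Worst-case search time for a window of candidate seeds.
    return window_ms / attempts_per_second / 60

# Constructed sample: a fake PNG "encrypted" 41,337 ms before the assumed upper bound.
UPPER_BOUND_MS = 5_000_000
SAMPLE = toy_encrypt(PNG_MAGIC + b"constructed sample", UPPER_BOUND_MS - 41_337)

if __name__ == "__main__":
    seed = recover_seed(SAMPLE, PNG_MAGIC, UPPER_BOUND_MS, 60_000)
    print("recovered seed:", seed)
    print("decrypted:", toy_encrypt(SAMPLE, seed))  # XOR stream: same call decrypts
    print("24h window at 100,000/s: %.1f minutes" % estimate_minutes(MS_PER_DAY, 100_000))
```

The demo searches a 60-second window so it finishes instantly; the full 24-hour window holds 86,400,000 candidates, which is where the quoted figure of about 14 minutes at 100,000 attempts per second comes from.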
For more details on Thanatos ransomware decryption tool, you can access the detailed blog published by Cisco Talos today.
How to protect yourself from these ransomware attacks
Most ransomware spreads through phishing emails, malicious website ads, and third-party applications and programs. Whether it’s Locky, CoinVault, Thanatos, TeslaCrypt or any other ransomware malware, the security measures are standard.
To protect yourself from such ransomware attacks, you should always be wary of uninvited documents sent in an e-mail and never click on the links in these documents unless you have verified their source.
Check if macros are disabled in your MS Office applications. If they are not, block macros from running in MS Office files from the Internet.
Always keep a firm grip on all your important documents: keep a good backup routine in place that copies your files to an external storage device that is not always connected to the PC.
Also, be sure to run an active behavior-based anti-virus security suite on your system that detects and blocks this malicious software before it can infect your device, and always remember to keep it up-to-date.