Beware of Thanatos, the latest cyber-extortion scam

Another ransomware program is infecting computers, and it’s demanding Bitcoin Cash to let users unlock their files. A report at Bleeping Computer highlights the new ransomware, dubbed Thanatos, that was unearthed by security experts at MalwareHunter Team.

What makes this particular infection noteworthy is that it creates an encrypted file, but the key is not saved anywhere. Whether by accident or design, there’s no way to easily unlock a computer once it’s been compromised. Even if you do pay the ransom, it’s unlikely the developers of the malware will ever be able to decrypt your data.

It is possible to use a brute force method to discover the encryption key, however. Users infected with Thanatos are strongly advised not to pay the ransom and instead contact a cyber security firm for assistance.

After a computer is infected, the extension of every encrypted file is changed to .THANATOS. A ransom note in the form of a README.txt file pops up whenever the user tries to log on, demanding $200 in cryptocurrency to decrypt the files.

Thanatos is noteworthy in that it’s the first ransomware scam to accept Bitcoin Cash for payment, along with Bitcoin and Ethereum. Bitcoin Cash is a spin-off of regular Bitcoin caused by a “hard fork” in the currency, similar in practice to a stock split.

Cryptocurrency is quickly becoming the payment method of choice for online extortionists; CCN reports that 34 ransomware schemes netted $25 million over a two-year period. Most criminals were using the Bitcoin exchange BTC-e to redeem their extorted funds. BTC-e has been used to launder money in the past, and several countries have called for legal oversight of the shadowy exchange.

Bleeping Computer has an in-depth guide that outlines some steps you can take to protect your data, such as anti-ransomware security software that includes behavioral detection algorithms. We’ve also compiled an overview of some of the best free anti-virus software to help keep your computer up and running.

You’ve heard it a hundred times, but it bears repeating: Always back up your data, always update your OS to the latest version, and don’t use the same passwords for multiple applications.

Mark Austin
Former Digital Trends Contributor
Mark’s first encounter with high-tech was a TRS-80. He spent 20 years working for Nintendo and Xbox as a writer and…
Cryptojacking is the new ransomware. Is that a good thing?

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.
Making money from mining cryptocurrencies isn't just something that people do with their own hardware; malware authors have also been creating malicious software to have other people do the hard work for them – and we don't mean cloud mining. While this represents a new fad in the realm of malware authorship, it may not be around in this guise for long.

"Cryptojacking is outpacing ransomware reports by a factor of 1 to 100, and these numbers will continue to increase ..."

Ransomware shifts focus from holding passwords hostage to hijacking your PC

A malicious website initially set up to extort visitors to pay a cryptocurrency ransom has changed its course. Instead of demanding payment via Bitcoin, Ethereum, Bitcoin Cash or Litecoin in exchange for not leaking your password on the internet, the site now hijacks your computer's processing power to mine cryptocurrency in the background.

Designed as a copy of the Have I Been Pwned attack, the site began by asking users to enter their emails to see if their password has been compromised. Unfortunately, if your password was breached, the site demanded a "donation" of $10 by cryptocurrency to not publish your password in plain text on the web.

Twitter CEO aims to overhaul verification as digital coin scams grow

Twitter CEO Jack Dorsey and product director David Gasca indicated during a Periscope live-stream on Thursday, March 8, that the company wants all users to sport a verification badge. Their intent arrives as scammers take to the social platform to steal money from unsuspecting victims through accounts created using a flaw in the verification system. Twitter users believe these accounts are "official" and backed by Twitter, handing over small amounts of digital currency to scammers for a promise of a big return, but remain empty-handed.

“The main problem is we use it to mean identity, but because of the way it was originally started, where it was only given to certain very large public figures, celebrities, etcetera, it came to have a lot of status associated with it, as well,” Gasca said. “They think of it as credibility. Twitter stands behind this person, Twitter believes that this person is someone that -- what they’re saying is great and authentic, which is not at all what we mean by the checkmark.”

That is why victims fall prey to the cryptocurrency scams proliferating across Twitter: Many accounts appear to be verified and backed by Twitter, which they are not. The problem is getting out of hand, pushing legitimate Twitter accounts to continuously warn followers about the scams. In return, these accounts inadvertently violate Twitter's policies and face a permanent ban.

A prime example is the Kraken Exchange cryptocurrency trading platform, whose support-related Twitter account temporarily went offline due to repeated warnings to followers. Twitter eventually lifted the ban.

"Safety tip: Beware of twitter handles that are similar to ours that promise coin giveaways, if you send them a deposit first. We are not doing a giveaway at this time," Kraken's support team warns.

One such scam uses the Kraken logo as bait. Victims are asked to send up to five Ethereum coins (Ether) to a specific address for up to 50 Ethereum coins in return in a big 2,000-coin "giveaway." But victims never see the big return, nor do they get their virtual coins back. It's a growing problem related to the verification system that Twitter is now addressing.

“The intention is to open verification to everyone,” Dorsey said on Thursday. “And to do it in a way that is scalable [so] we’re not in the way and people can verify more facts about themselves and we don’t have to be the judge and imply any bias on our part.”

Twitter previously tried to overhaul the verification system in 2016 by accepting applications from users who want a verified account. Twitter performed the verification in-house, assigning the coveted checkmark to actors, musicians, and so on. But Twitter halted the application process in November after a backlash over the verification of Jason Kessler, the main organizer of the white nationalist Unite the Right rally in Charlottesville, Virginia.

"Our agents have been following our verification policy correctly, but we realized some time ago the system is broken and needs to be reconsidered,” Dorsey said at the time.
