A new ransomware decryption tool released by the Talos security group allows victims of the Thanatos ransomware to regain access to their locked data.
The free decryption utility, dubbed “ThanatosDecryptor”, takes advantage of design weaknesses in the file encryption methodology used by Thanatos.
Talos has been analyzing the evolving Thanatos threat over the past several months and said the ransomware has gone through several different versions. Attackers are distributing multiple versions to target systems in the wild.
“Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others,” Talos said in a blog post on Tuesday.
It also turns out the cyber criminals have been unable to return data to their victims, even after being paid. Some experts think this may have been intentional on the part of the distributor.
Nevertheless, Talos has released the new tool to help victims recover files lost to the ransomware.
Talos also provided a detailed write-up on the evolution, operations and encryption process of Thanatos.