A new ransomware that uses sophisticated techniques to avoid detection

The cybersecurity company Recorded Future revealed on June 10 that a ransomware strain called "Thanos" has been promoted on several darknet hacking forums since February.

According to the report, Recorded Future's Insikt Group discovered the new ransomware-as-a-service offering.

"Ransomware as a service" schemes let outside attackers use the ransomware against their own targets in exchange for sharing the proceeds with the developers, with the affiliate keeping roughly 60% to 70% of the profits.

The main feature of Thanos ransomware
Speaking with Cointelegraph, Lindsay Kaye, director of operational outcomes for Insikt Group at Recorded Future, further explained the encryption technique used by this ransomware:

"Thanos has no particularly sophisticated or novel features that we could identify, but the most notable feature that the Insikt Group found, and that prompted this research, is the use of the RIPlace technique in its file encryption process. Previously, the RIPlace technique was only observed in the proof of concept published by Nyotron, but Thanos ransomware shows an example of a threat actor using this technique in malware."

The Thanos ransomware builder lets the operator customize the ransom note: the text can be modified to demand any cryptocurrency of their choice, not just Bitcoin (BTC).

Although that option has been advertised, Kaye says they have so far not observed Monero being used with the ransomware.

The level of encryption strength
The director of operational outcomes at Recorded Future's Insikt Group advised:

"Ransomware attacks, if successful, can be hugely debilitating to businesses. Because Thanos by default uses an AES encryption key that is generated at runtime, file recovery is impossible without the attacker's private key. That said, to minimize the risk of an attack with Thanos, organizations should continue to employ information security best practices to reduce the threats posed by ransomware."

Cointelegraph previously reported that DoppelPaymer hackers leaked a number of files belonging to NASA through a portal operated by the gang, including human resources documents and project plans. These files came from Maryland-based Digital Management Inc.