
Thanos Ransomware

The Thanos Ransomware is a data-locking Trojan that was first spotted in October 2019. Back in 2019, the Thanos Ransomware was dubbed Quimera Ransomware. At a later point, malware experts also gave it the name Hakbit Ransomware. This is because, since it first emerged, the Thanos Ransomware threat has been updated several times, and different variants have had different features added to them.

Recently, cybersecurity researchers came across an advertisement on an underground hacking forum promoting a ransomware-as-a-service offer. The name of the ransomware builder offered by the cyber crook in the advertisement was Thanos Ransomware, hence the latest name of this variant of the Quimera Ransomware.

The Thanos Ransomware is a rather harmful threat, as it is very feature-rich. The Thanos Ransomware allows its operators to:

  • Avoid systems used for malware debugging. 
  • Delay the activation of the threat.
  • Utilize a custom-selected extension.
  • Evade the Windows User Account Control.
  • Determine the maximum size for the files targeted for encryption.
  • Determine what filetypes to select for encryption.
  • Obtain certain files before they get encrypted, so they can be used for blackmail.

Ransomware-as-a-service is a very smart scheme, as the authors of the threat monetize their creation without partaking in any explicitly illicit activity personally. Since there are multiple threat actors who have purchased the Thanos Ransomware and are distributing it, it is likely that there are various infection vectors involved in the propagation of this data-locker. Some of the most commonly used distribution methods for file-encrypting Trojans include phishing emails that contain corrupted attachments or links, torrent trackers, fraudulent software downloads or updates, corrupted advertisements, fake social media pages and profiles, pirated copies of popular applications, etc.

The Thanos Ransomware is a data-locker that should not be underestimated. The fact that the operators of the Thanos Ransomware are able to collect files prior to the encryption process taking place means that they intend to blackmail their victims by threatening to leak potentially sensitive information about them online. This trick has been gaining popularity in 2020, with more and more authors of ransomware threats utilizing it.

The Thanos Ransomware is, unfortunately, not decryptable for free. It is best to remove this nasty Trojan from your system with the help of a reputable, up-to-date anti-malware solution.
