MalwareHunterTeam, a group malware researchers, discovered a ransomware dubbed Thanatos that demands ransom in bitcoin cash (BCH). Ransomware has surfaced the web for quite some time now and is usually linked with cryptocurrencies such as monero and zcash. However, Thanatos is the first that demands payment from victims in BCH. MalwareHunterTeam announced about their discoveries via a tweet.
Monero and zcash have often been labeled as “criminal currencies” for their use in illicit activities. Moreover, reports suggest that use of bitcoin has subsided in the criminal world. Now it is Bitcoin Cash that is gaining popularity among criminals.
Thanatos Demands $200 in BCH
Apart from the messy encryption system, Thanatos is the first ransomware to demand payment in BCH. Besides accepting bitcoin cash, the ransomware also demands a ransom in bitcoin and ether. The ransomware requires $200 to be paid in bitcoin, ether or bitcoin cash.
It is not the first time bitcoin cash has been linked to illicit activities. The darknet portal Dream market also added bitcoin cash as a payment option in December 2017. Dream is known as one of the biggest hidden markets for selling drugs. At the time, bitcoin was the primary payment option but due to the high transaction fees at the time, bitcoin cash was added to process cheaper transactions.
Thanatos: An Untested Malware
As per BleepingComputer’s report, Thanatos is not a fully tested and has several flaws that make it different from other ransomware. Generally, ransomware restricts access for users until the ransom is paid and once the payment is confirmed the decryption program is sent. However, in case of Thanatos, malware researcher Francesco Muroni points that as the decryption keys are not stored anywhere, even developers of Thanatos are unable to decrypt files that are locked by the malware. Hence, he advises user not to pay the ransom.
The BleepingComputer blog reads “While the encryption part of Thanatos is a mess, the ransomware does introduce something new. That is being the first ransomware to accept Bitcoin Cash as a ransom payment.”
With Thanatos, the encrypted files on victims computer will be appended with .THANATOS extension. According to Muroni, the encrypted files can be decrypted via brute force. Hence, the malware researcher suggests victims not to pay ransom if they are affected. Brute forcing to regain access to files is possible with one condition that all files are of a common type.
To trick victims, ransomware developers have provided an email address, [email protected], where victims are supposed to email their “unique victim ID” to receive the decryption pack. According to malware experts, the best way to protect one from the malware is to follow good computing habits that are backing up data regularly, avoid opening files from unknown users and use good security habits.