A new ransomware that uses sophisticated techniques to avoid detection

June 12, 2020

Cyber security company Recorded Future announced on June 10 that a ransomware called “Thanos” has been advertised in various darknet hacking forums since February.

According to the announcement, Recorded Future’s Insikt Group discovered the new ransomware-as-a-service offering.

“Ransomware as a Service” models allow external hackers to use the ransomware against their own targets by joining a scheme that requires revenue sharing with the developers, with the profits split approximately 60% to 70%.

The main feature of Thanos ransomware

In an interview with Cointelegraph, Lindsay Kaye, Chief Operating Officer of Insikt Group at Recorded Future, explains the encryption function used in this ransomware:

“Thanos does not have particularly sophisticated or novel features that we have identified, but the most notable feature that the Insikt Group has found, and that has spurred this research, is the use of the RIPlace technique in its file encryption process. Formerly, the RIPlace technique was only seen in the Nyotron proof of concept, but Thanos ransomware shows an example of a threat actor using this technique in malware.”

With the Thanos ransomware builder, the operator can customize the ransom note. They can change the text to request any cryptocurrency of their choice, not just Bitcoin (BTC).

Though it is an advertised option, Kaye says that so far they have not observed the use of Monero with the ransomware.

Encryption strength

Recorded Future’s Chief Operating Officer of the Insikt Group advised:

“If ransomware attacks are successful, they can be tremendously debilitating for businesses, since Thanos defaults to using an AES encryption key that is generated at runtime. Without restoring the attacker’s private key, however, archiving is not possible. To minimize the risk of a Thanos attack, organizations should continue to apply information security best practices to mitigate the threats posed by ransomware.”

Cointelegraph previously reported that DopplePaymer hackers leaked a number of NASA files through a gang-operated portal, including personal documents and project plans. These files came from Digital Management Inc. (DMI), a Maryland-based IT contractor that works with various companies and government agencies.