Thanatos Ransomware's free decryption tool

If you have been infected with the Thanatos ransomware and are looking for a solution, try the free decryption tool from Cisco Talos to decrypt your files before paying a ransom.

Cisco Talos security researchers have discovered a flaw in the Thanatos ransomware code that allows victims to unlock their encrypted files without paying a ransom to the criminals.

Like all ransomware threats, Thanatos encrypts files and demands a ransom to decrypt them, accepting payment in multiple cryptocurrencies, including Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others. Once a computer is infected, every encrypted file is given the .THANATOS extension, and then a ransom note appears with instructions on where to send the money to decrypt the files.

However, because Thanatos uses a different encryption key for each file and does not store the keys anywhere, the attackers cannot supply the keys even if the victims pay the ransom.

Cisco researchers analyzed the malware's code, found a weakness in the design of the file encryption methodology used by Thanatos, and developed a free decryption tool to help victims recover their files. It is called Thanatos Decryptor, is completely free, can be downloaded from GitHub, and works for versions 1 and 1.1 of the Thanatos ransomware.

Since the encryption keys used by Thanatos are derived from the number of milliseconds since the last system boot, the researchers were able to reverse this logic and recreate the same 32-bit encryption key, using a brute-force attack and the Windows Event Logs. For more details about the Thanatos ransomware, you can refer to the detailed article published yesterday by Cisco Talos.
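The following is an added example, not from the original article and not Cisco Talos's code, of why a key seeded from a millisecond uptime counter can be recovered: a boot time taken from the event log bounds the candidate seeds, and a known file header confirms the right one. The XOR keystream is a stand-in cipher rather than the one Thanatos uses, and the timestamps, the slack value, the use of the file's last-write time and the header check are all assumptions of this sketch.

```python
import hashlib
from datetime import datetime

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # known plaintext: every .png starts with these bytes

def keystream(seed_ms: int, n: int) -> bytes:
    """Stand-in cipher (NOT Thanatos's): expand a 32-bit seed into n key bytes."""
    out, counter = b"", 0
    while len(out) < n:
        block = seed_ms.to_bytes(4, "little") + counter.to_bytes(4, "little")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:n]

def xor_crypt(data: bytes, seed_ms: int) -> bytes:
    """Encrypt or decrypt (XOR is symmetric) with the seed-derived keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(seed_ms, len(data))))

def uptime_window(boot: datetime, last_write: datetime, slack_ms: int) -> range:
    """Candidate uptimes in ms: the key was made shortly before the last write."""
    upper = int((last_write - boot).total_seconds() * 1000)
    return range(max(0, upper - slack_ms), upper + 1)

def recover_seed(ciphertext: bytes, magic: bytes, candidates: range):
    """Return the first seed whose decryption begins with the expected header."""
    head = ciphertext[:len(magic)]
    for seed in candidates:
        if xor_crypt(head, seed) == magic:
            return seed
    return None

# Constructed sample data (assumptions, not values from a real infection).
BOOT = datetime(2018, 6, 25, 8, 0, 0)         # boot event read from the event log
LAST_WRITE = datetime(2018, 6, 25, 9, 30, 0)  # last-write time of the encrypted file
TRUE_SEED = 5_398_764                         # uptime at encryption; unknown to the defender
SAMPLE = xor_crypt(PNG_MAGIC + b"constructed image body", TRUE_SEED)

def demo():
    window = uptime_window(BOOT, LAST_WRITE, slack_ms=5_000)
    seed = recover_seed(SAMPLE, PNG_MAGIC, window)
    return seed, len(window), xor_crypt(SAMPLE, seed) if seed is not None else None

if __name__ == "__main__":
    print(demo())
```

With the boot time known, the search covers about 5,000 candidates instead of the full 32-bit space, which is why the log data matters to the recovery.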

To decrypt files encrypted by the Thanatos ransomware, you need to download Thanatos Decryptor and save it to your desktop. You also need to make sure that you have the Microsoft Visual C++ Redistributable for Visual Studio 2017 installed; otherwise, when you try to run the decryptor, you will see an error about missing DLLs.

Once you have everything you need, just double-click the executable file (exe) and the decryptor will start looking for files to decrypt. It will only decrypt the following file types:

Image: .gif, .tif, .tiff, .jpg, .jpeg, .png
Video: .mpg, .mpeg, .mp4, .avi
Sound: .wav
Document: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .odt, .ods, .odp, .rtf
Other: .zip, .7z, .vmdk, .psd, .lnk

Cisco recommends that you run the decryptor on the same computer where the files were encrypted. The decryption process can take a long time, so be patient.

iGuRu.gr The Best Technology Site in Greece

Written by Dimitris