If your computer is infected with Ransomware Thanatos and you are looking for a solution, before you pay a ransom, try a free decryption tool from Cisco Talos to decrypt your files.
Cisco Talos security researchers have discovered a flaw in the Thanatos ransomware code that allows victims to unlock their encrypted files without paying a ransom to the criminals.
Like all ransomware threats, Thanatos encrypts files and asks its victims to ransom multiple cryptosystems, including Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others, to decrypt their files. Once a computer is infected, all infected encrypted file extensions end up in .THANATOS, and then a ransom note appears, giving instructions on where to send the money to decrypt the files.
However, because Thanatos uses a different system of different encryption keys for each file, and without storing them somewhere, it is impossible for malicious programmers to send the passwords, even if the victims pay the ransom.
Cisco researchers analyzed malware code and found a loophole in the design of the Thanatos file encryption methodology, based on which they developed a free ransomware decryption tool to help victims decrypt their files. It is called Thanatos Decryptor, is completely free, you can download it from GitHub website, and works for versions 1 and 1.1 of Thanatos ransomware
Since the encryption keys used by Thanatos are based on the number of milliseconds since the last boot of the system, the researchers were able to reverse this logic and recreate the same 32-bit encryption key using brute force attack and Windows Event Logs. For more details on ransoware Thanatos, you can refer in the detailed article published yesterday by Cisco Talos.
To decrypt your encrypted files from Thanatos Ransomware, you need to download Thanatos Decryptor and save it to your desktop. You also need to make sure that you have it installed Microsoft Visual C ++ Redistributable for Visual Studio 2017 otherwise when you try to run Dectyptor you will see an error about missing DLLs.
Once you have everything you need, just double-click the executable file (exe) and the decrypter will start looking for files to decrypt. It will only decrypt the following file types:
Image: .gif, .tif, .tiff, .jpg, .jpeg, .png
Video: .mpg, .mpeg, .mp4, .avi
Document: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .odt, .ods, .odp, .rtf
Other: .zip, .7z, .vmdk, .psd, .lnk
Cisco recommends that you run the decryptor on the same computer where the files were encrypted. The decryption process can take a long time, so be patient.