New Ransomware: Pay Up Or Files Go Public
A new form of ransomware named after a Marvel supervillain has some particularly evil features. The Thanos malware uses an approach more reminiscent of "physical world" blackmail.
Despite the name, the malware thankfully doesn't imitate the character Thanos by - spoiler alert - deleting half the files in the entire universe.
That said, it's still quite scary thanks to a couple of features beyond the usual tactic of encrypting files and demanding a ransom. The ransomware also seeks to spread across an entire local network and encrypt all the computers it can reach.
This is especially bad news for any business or organization that currently relies on remote desktop connections to access data at an office, for example because of the COVID-19 pandemic. Such machines are at high risk of ransomware sneaking onto the network, particularly if the remote desktop protocol becomes exploitable. In this case, ransomware can sneak onto a network despite installed security updates, a firewall, or antivirus software.
Personal Data Shared Online
That said, the Thanos ransomware has a tactic aimed at individuals. Before encrypting files, Thanos copies anything in a common document format, such as Microsoft Word and Excel files and Adobe PDF documents, and holds on to these copies remotely.
The victim then gets a ransom demand with the threat that not only will their own copies of the files remain locked, but the stolen copies will be published online unless they pay a ransom. The demand says the files will appear on sites dedicated to data leaks, meaning there's a strong likelihood that professional scammers will try to exploit any personal data in the documents.
Security Software Fooled
To make things worse, Thanos uses a new technique called RIPlace that aims to disguise the manipulation of files to avoid detection by security software that specifically looks for ransomware.
That's a big worry because, when RIPlace first became public knowledge, several security software firms said they didn't need to update their tools as it was a purely theoretical threat. (Source: bleepingcomputer.com)
That is no longer the case, however, as it appears Thanos has a good chance of spreading. Digital criminals have been offered a hefty revenue share of any ransom payments in return for helping get it on to more machines.
They also get access to a tool that can customize Thanos to as many as 43 different versions, making it much harder to detect. (Source: itwire.com)
What's Your Opinion?
Would you pay a ransom to stop files on your computer being published? Would their content cause you problems if scammers could access them? Are you confident your chosen security tools do enough to combat ransomware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years' experience; I also run this website! If you need technical assistance, I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
Comments
New Ransomware
This is a worry. How can it be defended? These people should be "hung out to dry" for a long time.
Interested in any new ways to defeat this.
Thanks for the Article
Cannot be defeated
Most of the new variants of ransomware these days cannot be reversed or defeated. The only 100% solution is to back up your data, verify the backup, test the restore process, and keep the backups offline / not attached to the system. If anyone needs a comprehensive backup solution I can assist - shoot me an email here.
Thanos ransomware
The answer here might be quite simple: save and place all document types affected in one main folder (documents) and subfolders under this one. Encrypt the folder with a master password that has to be manually entered every time any document is opened, copied or changed, apart from password protecting each one separately.
They may still get you but won't be able to distribute the information, and you just use your existing backup plan for this sort of attack.
New Ransomware
I use a backup program to copy & store important personal files on several hard drives, & any files that contain sensitive private information, e.g. bank account details, are encrypted using an encryption program. I also keep a copy of these files on an external hard drive that only gets connected to my computer for backup purposes. As well, I keep multiple images of my operating system drive on several hard drives, including an external drive.
If my files were stolen or encrypted and I received a ransom demand or if my operating system drive was compromised I could be up and running again by restoring an image of my operating system drive & restoring my personal files from one of my backups.