Recorded Future Reveals Ransomware “Thanos” Promotes A Number Of Darknet Hacking Forums
Recorded Future Reveals Ransomware “Thanos” Promotes A Number Of Darknet Hacking Forums
June 12, 2020
Recorded Future Reveals Ransomware “Thanos” Promotes A Number Of Darknet Hacking Forums
Recorded Future Reveals Ransomware “Thanos” Promotes A Number Of Darknet Hacking Forums
June 12, 2020

Recorded Future, a cybersecurity firm, has revealed that a ransomware attack named “Thanos” has been promoted on a number of darknet hacking forums since February 2020.

On June 10, it has been reported that Recorded Future’s Insikt Group uncovered the new “ransomware-as-a-service” attack.  

However, “ransomware-as-a-service” methods consist of allowing external hackers to use the ransomware to attack their targets in exchange for adhering to a revenue-share scheme with the developers by splitting profits of 60% – 70% approximately.

Lindsay Kaye, the Director of Operational Outcomes of Insikt Group at Recorded Future, explained:

“Thanos does not have any particularly sophisticated or novel characteristics that we were able to identify, but the remarkable feature that Insikt Group found and that spurred this research is the malware’s use of the RIPlace technique in its file encryption process. Previously, the RIPlace technique was only observed in the proof of concept published by Nyotron, but the Thanos ransomware demonstrates an example of a threat actor productizing the technique for use in malware.”

It has been analyzed that the Thanos ransomware builder allows the operator to customize the software’s ransom note, as they can modify the text to ask for any cryptocurrency of their choosing, not just Bitcoin (BTC).

ALSO READ :  Cisco Systems Discovers A New Cryptojacking Botnet “Prometei” That Steals Data From Its Victims

Though it is an advertised possibility, Kaye said that so far, they have not observed the use of Monero with the ransomware.

Thus, Kaye advised:

“Ransomware attacks, if successful, can be hugely debilitating to companies. Because Thanos by default uses an AES encryption key that is generated at runtime, without the attacker’s private key, recovery of the files is impossible. That said, to minimize the risk of an attack using Thanos, organizations should continue to employ information security best practices for mitigating the threats posed by ransomware.”

Source: Cointelegraph | Image: CBS News


Crypto News Point a news platform of Digital Notice Media Labs is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and does not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.

Affiliate Disclosure: To help support the work we do here at CNP, we often link to products and deals from around the web. Should you buy some of these, we may get a portion of the sale.

We in generally gather content from the major websites. In every article there is always a clear link and attribution to the source publication. If you have any issue with any of our published content taken from your site, kindly let us know so that we can take appropriate action. In any case, the content of the pages of this website is for your general information and use only. It is subject to change without notice.

You May Also like

Ishita Bora

Ishita Bora is a Senior Content Creator at Digital Notice Media Labs with an experience of 1 year. She has completed her Master's Degree in Language and Linguistics in 2019 from Gauhati University, India. Her interest lies in blockchain technology and cryptocurrency space. She loves writing about blockchain and other blockchain-related articles.