IT experts released free Thanatos ransomware decryption tool

by Alice Woods

Free Thanatos ransomware decryption software has been released


Thanatos ransomware[1] is a file-encrypting virus that locks data with AES cryptography and demands a ransom of 0.01 Bitcoin. Until now, users whose computers were infected with this malicious program could not regain access to the encrypted information without paying the ransom, but experts have now released free decryption software.

Cybersecurity researchers at Cisco Talos have recently found a significant vulnerability in the code of the ransomware[2]. As a result, people no longer need to deal with the attackers and suffer financial losses, since they can decrypt files encrypted by Thanatos ransomware for free.

This is a significant change for the cyber community, since some versions of the Thanatos virus contain a bug. In other words, even if victims pay the ransom, the hackers are unable to recover the files encoded by the ransomware. Fortunately, ThanatosDecryptor is a free tool that can be used by anyone suffering from the crypto-malware attack.

The peculiarities of Thanatos 1 and 1.1 malware versions

According to the experts, this virus has several features that make it different from other ransomware-type infections. The initial Thanatos 1 version demanded that its victims pay the ransom in Bitcoins[3]. However, version 1.1 of this malicious program accepts other cryptocurrencies for the transactions as well:

Unlike other ransomware commonly being distributed, Thanatos does not demand ransom payments to be made using a single cryptocurrency like bitcoin. Instead, it has been observed supporting ransom payments in the form of Bitcoin Cash (BCH), Zcash (ZEC), Ethereum (ETH) and others.

Furthermore, security researchers believe that ThanatosDecryptor is exceptionally valuable since the malware was actively distributed at the beginning of 2018. The Thanatos virus was recently updated to version 1.1, indicating that the attackers aimed to spread the infection worldwide[4]:

Multiple versions of Thanatos have been leveraged by attackers, indicating that this is an evolving threat that continues to be actively developed by threat actors with multiple versions having been distributed in the wild <…>

Download ThanatosDecryptor from GitHub

IT experts at Cisco Talos have carefully analyzed both versions of Thanatos ransomware. Luckily, they have identified the vulnerability that allows victims to decrypt locked information using the free decryption tool. You can download the free Thanatos decryption tool from GitHub.

Currently, ThanatosDecryptor can help you retrieve the following files[5]:

  • .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .odt, .ods, .odp, .rtf;
  • .mpg, .mpeg, .mp4, .avi;
  • .zip, .7z, .vmdk, .psd, .lnk, .wav;
  • .gif, .tif, .tiff, .jpg, .jpeg, .png;

Keep in mind that the decryption software is compatible with both Thanatos version 1 and version 1.1. It searches for files with the .THANATOS extension to help users get back essential data:

The decryptor first searches the same directories as the ransomware to identify files that contain the .THANATOS file extension. For files that contain the .THANATOS file extension, the decryptor will then obtain the original file extension, which is left intact during infection, and compare it to the list of supported file types. If the file type is supported, the decryptor will then queue that file for decryption. 
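The selection step described above can be reproduced as a triage script that inventories which encrypted files the tool would queue before you run it. This is an added example, not code from ThanatosDecryptor or Cisco Talos; the function names, the caller-supplied root directory and the case-insensitive extension match are assumptions.

```python
import os
import tempfile

# Original extensions the article lists as supported by ThanatosDecryptor.
SUPPORTED = {
    ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".odt",
    ".ods", ".odp", ".rtf", ".mpg", ".mpeg", ".mp4", ".avi", ".zip",
    ".7z", ".vmdk", ".psd", ".lnk", ".wav", ".gif", ".tif", ".tiff",
    ".jpg", ".jpeg", ".png",
}
MARKER = ".thanatos"  # compared case-insensitively (assumption)


def original_extension(name):
    """Return the original extension kept in front of .THANATOS.

    'report.docx.THANATOS' -> '.docx'; a file without the marker -> None;
    a marked file with no original extension -> ''.
    """
    stem, ext = os.path.splitext(name)
    if ext.lower() != MARKER:
        return None
    return os.path.splitext(stem)[1].lower()


def triage(root):
    """Walk root and split marked files into (queued, unsupported) lists."""
    queued, unsupported = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = original_extension(name)
            if ext is None:
                continue  # not encrypted by Thanatos, ignore
            target = queued if ext in SUPPORTED else unsupported
            target.append(os.path.join(dirpath, name))
    return sorted(queued), sorted(unsupported)


def demo():
    """Triage a constructed sample tree; returns paths relative to its root."""
    sample = ["a/report.docx.THANATOS", "a/photo.JPG.thanatos",
              "b/db.sqlite.THANATOS", "b/notes.txt", "README.THANATOS"]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "wb").close()
        rel = lambda ps: [os.path.relpath(p, root).replace(os.sep, "/") for p in ps]
        queued, unsupported = triage(root)
        return rel(queued), rel(unsupported)
```

Files reported as unsupported are worth keeping in a backup rather than deleting, since they carry the .THANATOS marker but fall outside the list of file types the tool currently handles.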

About the author

Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.


References