In a report by security researcher MalwareHunterTeam, they have recently revealed a new form of ransomware called Thanatos. Thanatos not only messes up encryption, but its ransom is being demanded in Bitcoin Cash, not the usual Bitcoin.
This is a first, and perhaps a sign of the times, as people, including hackers, look elsewhere for more functioning digital currencies.
Thanatos may be breaking norms on its payment front, but even its attack is not something to write home about as the virus does not always enable files to be decrypted once the ransom is paid.
Don’t pay the ransom
With the Thanatos virus, when it infects a victim, it will use a new key for each encrypted file. The problem, according to researcher Francesco Muroni, is that these keys are never saved anywhere.
Essentially, this means that if the ransom is paid and the data is returned, the ransomware developer does not have a method that will actually be able to decrypt each file.
Therefore, it is not actually recommended to pay the ransom as it may be a wasted and futile exercise even if the attacker wants to keep up their end of the deal.
Moving to Bitcoin Cash
Bitcoin Cash is the preferred ransom of the Thanatos virus as these hackers look to move with the times. Recent changes to Bitcoin have seen it become less of a currency and more of a store of value. There are also questions about its popularity currently.
However, it is not that the Thanatos ransomware is shunning Bitcoin, as it will accept the original cryptocurrency as well as Ethereum, but this does mark the first time a malware attack is taking Bitcoin Cash as an option for ransom.