Thanos Ransomware May Get Around Certain Security Systems

June 22, 2020

Written by wukovits

thanos ransomware may get around certain security systemsIn 2019, a new strain of ransomware called Thanos burst onto the scene and has since been spreading quietly and seeing increased adoption by hackers around the world.

The code has been traced to a Russian hacker going by the name Nosophorus, who has been offering the software as ‘Ransomeware-as-a-service’ on Russian-speaking forums on the Dark Web since February 2020.

The reason for Thanos’ increasing popularity is that Nosophorus has monetized its spread, creating an affiliate program that shares revenue from any ransom payments collected. This is only one of a number of interesting and alarming features about the code, however.

Most of the ransomware written in C# isn’t very robust or sophisticated. However, Thanos is an exception, sporting a modular design that makes it easy to upgrade or reconfigure based on each hacker’s specific needs.

In addition to that, Thanos is the first ransomware strain that makes use of RIPlace anti-ransomware evasion techniques, which makes it notoriously difficult to detect and prevent. The technique was first discovered by a security researcher going by the name of Nyotron. He duly reported it to security companies around the world, only to be told that the technique, while interesting, was purely theoretical and would never be seen in the wild.

Sadly, those predictions have now been proved to be incorrect. Thanos is actively making use of the evasion technology, which leaves security companies scrambling to catch up. Unfortunately, when RIPlace was described to Microsoft, a spokesman for the company had something to say.

He said:

The technique described is not a security vulnerability and does not satisfy our Security Servicing Criteria. Controlled folder access is a defense-in-depth feature and the reported technique requires elevated permissions on the target machine.”

Given this and the other advanced features Thanos sports, you can bet that it’s going to see increasingly widespread use. Ultimately, this will force big tech firms to take action, but not before the malware has the opportunity to do serious damage. Be on the alert for this one. Thanos is a serious threat.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Unlocking Small Business Success: The Impact of AI in a Digital Era

In the rapidly evolving business landscape, staying competitive necessitates embracing technological advancements. Artificial Intelligence (AI), once perceived as a luxury for larger enterprises, is now accessible to small businesses, offering new opportunities for...