Victims of a destructive form of ransomware, which fails to unlock files even if the ransom is paid, can now retrieve their files for free with a new file decryptor released by security researchers.
Thanatos ransomware first started targeting Windows systems in February and multiple versions of it have been released in the months since, indicating that those behind it remain an active threat.
Thanatos is distinct from many other forms of ransomware in that it doesn't demand a payment in bitcoin[1], but is known instead to request ransoms paid in other cryptocurrencies[2] including Bitcoin Cash, Zcash and Ethereum.
However, even if the victim does give into the ransom demand, issues within the encryption process of Thanatos means that the data isn't returned to the victim. Some campaigns reveal that this is intentional on part of the attackers, who taunt victims about the lack of a decryption key.
In order to combat the destruction caused by files which can't be decrypted, researchers at Cisco Talos[3] have built and released a free tool for decrypting the files - ThanatosDecryptor.
The tool is available to download now[4] and works on all current versions of the ransomware - researchers recommend that it is run on the original infected machine in order decrypt files across a network as quickly as possible.
Like other forms of ransomware, Thanatos is delivered to victims in the form of an attachment, although it isn't restricted to email as attackers have been seen distributing the ransomware by Discord, a voice and text chat application which is widely used by gamers[5].
See also: Ransomware: An executive guide to one of the biggest menaces