Recorded Future a cybersecurity firm revealed heart-throbbing news on June 10 that a new ransomware attack named “Thanos” has been revealed on a number of darknet hacking forums since February 2020.
According to the research of a report, Recorded Future’s Insikt Group uncovered the new ransomware-as-a-service attack.
“Ransomware-as-a-service” methods consist of allowing external hackers to use the ransomware to attack the targets in exchange for adhering to a revenue-share scheme with the developers by splitting profits of 60%-70% approximately.
Considerable Feature of “Thanos”.
Thanos is the first Ransomware observed that advertises the use of the RIPlace tactic. RIPlace is a windows file system technique unveiled in proof of Concept(Poc) last year by researchers at Nyotron, which can be used to maliciously alter files and which allows attackers to bypass various anti-ransomware methods.
Beyond its utilization of RIPlace, “Thanos” doesn’t incorporate any novel functionality, and it is simple in its overall structure and functionality. But this ease-of-use may be why Thanos has surged in popularity amongst cybercriminals, according to Wednesday research from Recorded Future’s Inskit Group, Shared with Threatpost.
The Thanos ransomware builder allows the operator to customize the software’s Ransome note. They can modify the text to ask for any cryptocurrency of their choosing, not just BTC.
Though it is an advertised possibility, Kaye says that so far, they have not observed the use of Monero cryptocurrency with the ransomware.
The future of Thanos
According to researchers: “With information security best practices such as prohibiting external FTP connections and blacklisting downloads of known-offensive security tools, the risks associated with the tow key component of Thanos – data stealer and lateral movement – can be averted.”