
Thanos Ransomware May Get Around Certain Security Systems

June 22, 2020 | May 5th, 2022 | Cybersecurity

A new strain of ransomware called Thanos burst onto the scene in 2019. It has since been spreading quietly and seeing increased adoption by hackers around the world.

The code has been traced to a Russian hacker going by the name Nosophorus, who has been offering the software as ‘Ransomware-as-a-service’ on Russian-speaking forums on the Dark Web since February 2020.

The reason for Thanos’ increasing popularity is that Nosophorus has monetized its spread, creating an affiliate program that shares revenue from any ransom payments collected. This is only one of a number of interesting and alarming features of the code, however.

Most of the ransomware written in C# isn’t very robust or sophisticated. However, Thanos is an exception, sporting a modular design that makes it easy to upgrade or reconfigure based on each hacker’s specific needs.

In addition to that, Thanos is the first ransomware strain that makes use of RIPlace anti-ransomware evasion techniques, which makes it notoriously difficult to detect and prevent. The technique was first discovered by a security researcher going by the name of Nyotron. He duly reported it to security companies around the world, only to be told that the technique, while interesting, was purely theoretical and would never be seen in the wild.

Sadly, those predictions have now been proved to be incorrect. Thanos is actively making use of the evasion technology, which leaves security companies scrambling to catch up. Unfortunately, when RIPlace was described to Microsoft, a spokesman for the company had something to say.

He said:

“The technique described is not a security vulnerability and does not satisfy our Security Servicing Criteria. Controlled folder access is a defense-in-depth feature and the reported technique requires elevated permissions on the target machine.”

Given this and the other advanced features Thanos sports, you can bet that it’s going to see increasingly widespread use. Ultimately, this will force big tech firms to take action, but not before the malware has the opportunity to do serious damage. Be on the alert for this one. Thanos is a serious threat.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. Having been in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.