
First Bitcoin Cash Ransomware Makes It Impossible to Decrypt Files

Last Updated March 4, 2021 5:05 PM
Francisco Memoria

Ransomware extortionists have seemingly started using Bitcoin Cash (BCH) for ransom payments as well, according to a report published by Bleeping Computer. The first ransomware strain to use the cryptocurrency, dubbed Thanatos, makes it impossible for users to decrypt their files, even after paying.

Per Bleeping Computer, the ransomware was first discovered by cybersecurity researcher MalwareHunterTeam. After infecting a victim, Thanatos uses a new key for each file it encrypts, but doesn’t store the keys anywhere. As a result, it’s impossible for the ransomware’s developer to decrypt a victim’s files.

Those affected by Thanatos are advised not to pay the ransom. According to researchers, the only way to get rid of it is by brute-forcing the encryption key for each file, meaning victims should contact cybersecurity firms for help.

Thanatos is notably the first ransomware strain to accept Bitcoin Cash for payments, along with Bitcoin and Ethereum. After a user is infected, a readme.txt file opens up, telling them to send the equivalent of $200 to a BTC, ETH, or BCH wallet. Bleeping Computer’s report reads:

“This ransom note contains instructions to send a $200 USD ransom payment to one of the listed Bitcoin, Ethereum, or Bitcoin Cash addresses. The user is then instructed to contact [email protected] with their unique victim ID in order to receive a decryption program.”

At the end of the note, the extortionists try to coerce victims into paying by implying no one can help. It reads that files can only be decrypted by the ransomware’s authors, although researchers pointed out even they can’t do it.

The growing popularity of cryptocurrencies has been helping ransomware extortionists’ business. As covered by CCN.com, a Google report revealed that they netted $25 million in two years. The business is so popular that a Tor Proxy service was caught diverting some of their bitcoin payments.

Security researchers advise users to regularly back up their files in a secure and reliable way, to use proper security software, and to never open attachments when the sender is unknown. Furthermore, users should make sure their software is updated, as older programs often contain security vulnerabilities.

Other security tips include using strong passwords and never reusing the same password under any circumstances. As reported, even darknet Dream Market users were caught for reusing their passwords.

Featured image from Shutterstock.