Bitcoin Forum
Author Topic: [2018-03-02] First Bitcoin Cash Ransomware Makes It Impossible to Decrypt Files  (Read 39 times)
Terraformer
March 02, 2018, 11:07:18 AM
 #1

Ransomware extortionists have seemingly started using Bitcoin Cash (BCH) for ransom payments as well, according to a report published by Bleeping Computer. The first ransomware strain to use the cryptocurrency, dubbed Thanatos, makes it impossible for users to decrypt their files, even after paying.

Per Bleeping Computer, the ransomware was first discovered by cybersecurity researcher MalwareHunterTeam. After infecting a victim, Thanatos uses a new key for each file it encrypts, but doesn’t store the keys anywhere. As a result, it’s impossible for the ransomware’s developer to decrypt a victim’s files.

Those affected by Thanatos are advised not to pay the ransom. According to researchers, the only way to get rid of it is by brute forcing the encryption key for each file, meaning victims should contact cybersecurity firms for help.

Thanatos is notably the first ransomware strain to accept Bitcoin Cash for payments, along with Bitcoin and Ethereum. After a user is infected, a readme.txt file opens up, telling them to send the equivalent of $200 to a BTC, ETH, or BCH wallet. Bleeping Computer’s report reads:

“This ransom note contains instructions to send a $200 USD ransom payment to one of the listed Bitcoin, Ethereum, or Bitcoin Cash addresses. The user is then instructed to contact thanatos1.1 @ yandex.com with their unique victim ID in order to receive a decryption program.”

At the end of the note, the extortionists try to coerce victims into paying by implying no one can help. It reads that files can only be decrypted by the ransomware’s authors, although researchers pointed out even they can’t do it.

The growing popularity of cryptocurrencies has been helping ransomware extortionists’ business. As covered by CCN, a Google report revealed that they netted $25 million in two years. The business is so popular that a Tor Proxy service was caught diverting some of their bitcoin payments.

Security researchers advise users to regularly back up their files in a secure and reliable way, to use proper security software, and to never open attachments when the sender is unknown. Furthermore, users should make sure their software is updated as older programs often contain security vulnerabilities.

Other security tips include using strong passwords, and never reusing the same password in any circumstance. As reported, even darknet Dream Market users were caught for reusing their passwords.

https://www.ccn.com/first-ransomware-strain-use-bitcoin-cash-makes-impossible-decrypt-files/
Lucius
March 02, 2018, 11:38:09 AM
 #2

I do not see what the difference is in asking a victim to pay ransom in BTC, BCH or any other coin; ransom is still ransom and a victim is still a victim. So far only BTC was mentioned in combination with ransomware, and maybe it is not bad that the shadow also falls on the competition.

What is important here is that even if the victim pays, files remain locked, so in most cases it is not advisable to pay the ransom but to try to get help from professionals. Very often after some time decryption keys become publicly available so data can be saved, but backup is something which is necessary for data retention in case of ransomware infection.

In the end, every user should think before clicking on anything; infection cannot enter your system if you do not let that happen.

LuanX3
March 02, 2018, 11:40:48 AM
 #3

Not all too surprising. They can use whatever they want as a way to get paid, well they want to be the hipsters of the hacking world and make use of something else to be paid with like BCH.

The problem now is not really what they are asking for, but more of the ransomware truly getting a lot more complex than it was when it started. Now is the time to totally have a completely reliable antivirus.
chocomartin
March 05, 2018, 07:56:54 AM
 #4

This is very similar to the WannaCry ransomware attack in May 2017. Your computer and its files would be held for ransom in exchange for bitcoins but the only difference here was that the WannaCry hackers actually did give back your files after you paid the ransom. They even released an apology for the people who've paid and still can't access their files yet and actually even worked on a solution to give back their files. Some hackers still have ethics I guess.

Bottom line is prevention is always better than recovery, be careful of emails that redirect you to phishing sites and for the love of God backup your files.