Thanos has spread quickly as it has become monetized

In 2019, a new strain of ransomware called Thanos burst onto the scene and has since been spreading quietly and seeing increased adoption by hackers around the world.

The code has been traced to a Russian hacker going by the name Nosophorus, who has been offering the software as 'Ransomeware-as-a-service' on Russian-speaking forums on the Dark Web since February 2020.

The reason for Thanos' increasing popularity is that Nosophorus has monetized its spread, creating an affiliate program that shares revenue from any ransom payments collected. This is only one of a number of interesting and alarming features about the code, however.

Unique software design for this ransomware

Most of the ransomware written in C# isn't very robust or sophisticated. However, Thanos is an exception, sporting a modular design that makes it easy to upgrade or reconfigure based on each hacker's specific needs.

In addition to that, Thanos is the first ransomware strain that makes use of RIPlace anti-ransomware evasion techniques, which makes it notoriously difficult to detect and prevent. The technique was first discovered by a security researcher going by the name of Nyotron. He duly reported it to security companies around the world, only to be told that the technique, while interesting, was purely theoretical and would never be seen in the wild.

Sadly, those predictions have now been proved to be incorrect. Thanos is actively making use of evasion technology, which leaves security companies scrambling to catch up. Unfortunately, when RIPlace was described to Microsoft, a spokesman for the company had something to say.

"The technique described is not a security vulnerability and does not satisfy our Security Servicing Criteria. Controlled folder access is a defense-in-depth feature and the reported technique requires elevated permissions on the target machine."

Our perspective

Given this and the other advanced features Thanos sports, you can bet that it's going to see increasingly widespread use. Ultimately, this will force big tech firms to take action, but not before the malware has the opportunity to do serious damage. Be on the alert for this one. Thanos is a serious threat.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI am Denis Wilson, President and Principal Consultant for DWP Information Architects. I build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. I have created cost-effective personal service automation solutions, for over 20 years, specializing in reliability, cybersecurity, and regulatory compliance. I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association