+5 votes
160 views
in Help by (242k points)
reopened
How to decrypt files encrypted by Thanatos Ransomware.

1 Answer

+3 votes
by (1.6m points)
edited
 
Best answer

How to remove file encryption from your computer caused by Thanatos Ransomware.

Ransomware-type malware is becoming more and more popular, which makes it very common for our computer to become infected with this malicious software. For all those who do not know what we are talking about, you should know that ransomware like Thanatos is a type of malware that hijacks the files on your computer and requests a ransom to free them.


In general, what the Ransomware malware does is encrypt certain files on your computer that are either very valuable to you or vital files for the operation of your computer. The malware developers will demand the payment of a certain amount of money in order to decrypt these files so that you can use your computer and files correctly again.

However, what many users don't know is that even if you decided to pay for the release of your files, this will not happen. In other words, it is a scam in which the affected party pays to release his files, but this will never happen. It is for this reason that you should NEVER pay the amount demanded by the Ransomware with which your computer has been infected.

Currently, there is a wide variety of Ransomware that circulates on the internet, or on messaging platforms. What is true is that recently a wave of Thanatos ransomware is being experienced which is spreading with some speed through the Discord platform.

The name Thanatos comes from the Readme file that hackers plant in the user's operating system. This file will show the instructions for users to pay a ransom for their files by making the payment using cryptocurrencies. This payment will give you access to a decryption tool to decrypt the files that the ransomware encrypts on the user's computer.


Thanatos places its files in the %APPDATA%/Roaming directory using random directories and the names of the executables they generate using system boot. Thanatos scans important directories such as documents, images, OneDrive, or desktop, and encrypts files in those directories using AES encryption.

Thanks to the Talos Cisco group it is possible to decrypt the files encrypted by the Thanatos Ransomware on your Windows 10 computer, and that will free you from paying the ransom. Here we show you how to do it:

How to remove file encryption from your computer caused by Thanatos Ransomware.

The first thing we will have to do is download the Thanatos Decryptor program, which you can do from the following link: ThanatosDecryptor

Once you have downloaded it, you will have a Zip file which you must unzip. At this point you should run the ThanatosDecryptor file. In this way ThanatosDecryptor will scan the directories that the Thanatos malware targets for files with the extension .THANATOS.


Each encrypted file includes a reference to the original file type, and the decryption application uses the information to determine whether or not it should attempt to decrypt the file. However, it should be noted that at the moment the program is only capable of decrypting files with formats: .gif, .tif, .tiff, .jpg, .jpeg, .png, .mpg, .mpeg, .mp4, .avi, .wav, .doc, .docx, .xls, .xlsx, .ppt, .pptx, .pdf, .odt, .ods, .odp, .rtf, .zip, .7z, .vmdk, .psd, and .lnk.

In other words, if the Thanatos malware encrypted unsupported file types, ThanatosDecryptor will not be able to decrypt them at this time.

Undoubtedly, nowadays you have to be very careful with any file downloaded or received through the internet since any of them can be Ransomware-type Malware such as Thanatos and encrypt the files on your computer. Fortunately, tools like this can help us recover our files without paying a ransom for them.
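
As an added example (not part of the original answer and not code from ThanatosDecryptor): a Python triage script that inventories `.THANATOS` files in the directories the answer names and sorts them by whether their original format is on the supported list above. It assumes the original extension is kept in the file name ahead of `.THANATOS` (for example `report.docx.THANATOS`); the function names and the default folder names are also assumptions.

```python
import os
import sys
from collections import Counter
from pathlib import Path

# Formats the answer lists as currently handled by ThanatosDecryptor.
SUPPORTED = {
    ".gif", ".tif", ".tiff", ".jpg", ".jpeg", ".png", ".mpg", ".mpeg", ".mp4",
    ".avi", ".wav", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
    ".odt", ".ods", ".odp", ".rtf", ".zip", ".7z", ".vmdk", ".psd", ".lnk",
}
MARKER = ".thanatos"  # extension the answer says the decryptor scans for


def original_extension(name):
    """Extension that precedes .THANATOS, "" if there is none,
    or None when the file does not carry the ransomware extension."""
    p = Path(name)
    if p.suffix.lower() != MARKER:
        return None
    # Assumption: names look like <original name>.<ext>.THANATOS
    return Path(p.stem).suffix.lower()


def triage(roots):
    """Walk each root and split encrypted files into (recoverable, unsupported)."""
    recoverable, unsupported = [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):  # missing roots are skipped
            for name in files:
                ext = original_extension(name)
                if ext is None:
                    continue
                bucket = recoverable if ext in SUPPORTED else unsupported
                bucket.append(os.path.join(dirpath, name))
    return sorted(recoverable), sorted(unsupported)


def summarize(paths):
    """Count encrypted files per original extension."""
    return Counter(original_extension(os.path.basename(p)) or "(none)" for p in paths)


if __name__ == "__main__":
    # Default folder names are assumptions based on the directories listed above.
    home = Path.home()
    roots = sys.argv[1:] or [home / d for d in ("Documents", "Pictures", "OneDrive", "Desktop")]
    ok, bad = triage(roots)
    print("Supported by the decryptor:", dict(summarize(ok)))
    print("Not supported yet (keep a copy):", dict(summarize(bad)))
```

Files in the second group are worth backing up as they are, since the answer notes the tool cannot decrypt unsupported types "at this time".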

