Thanos Ransomware Attacks Now Disable Backups, Avoid Detection, and Impersonate the OS

Stu Sjouwerman | Jul 13, 2020

thanos ransomware attackRecent updates to the well-known Ransomware-as-a-Service – including the addition of RIPlace – make Thanos a formidable challenge for even well-secured organizations.

I’ve said it before and I’ll say it again: the bad guys operate just like the good guys. Cybercriminal organizations are just businesses with an evil go-to-market plan. And as such, they evolve and improve their software to have better features, to improve performance, and to produce a consistent and predictable result.

Recent developments to Thanos documented by security researchers at Sentinel Labs demonstrate this point exactly. Some of the improvements to Thanos include:

  • RIPlace technique for avoiding detection
  • Encryption speed enhancements
  • Disabling of 3rd party backup solutions
  • Ability to impersonate Windows SYSTEM via process hollowing
  • FTP-based reporting

And this is just a fraction of the improvements seen in Thanos over the last 3 months!

Organizations need to realize ransomware (in general) isn’t just encryption software; Thanos demonstrates the effort put into ensuring each step of an attack – from delivery, to installation, to lateral movement, to encryption – is successful. Add to this the fact that Thanos is Ransomware-as-a-Service – it’s available to any person that wants to start their own Ransomware “business”, multiplying the frequency and distribution of this malware.

From the looks of the improvements, once it’s installed, it’s going to see plenty of successes. So, organizations need to take steps to stop it before it starts; and that begins with the user not engaging with phishing emails. And that requires continual Security Awareness Training to both teach and reinforce the need to always be mindful about suspicious content when interacting with email and the web.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.