Thanos (ransomware)

From Wikipedia, the free encyclopedia

Thanos (named after the Marvel supervillain Thanos) is ransomware.[1] According to the FBI, it was created by Venezuelan-French cardiologist Moises Luis Zagala Gonzalez.[2] The malware first appeared around February 2020 and is written in the programming language C#. It works by fully encrypting the victim's files and demanding a specific sum of money, usually in a cryptocurrency such as Bitcoin. The ransomware is known to be highly advanced, evading antivirus software by rebooting the computer into safe boot. It also has a customisable interface where the attacker can modify the ransom message, choose whether the malware will self-delete after attacking, and more. Zagala advertised the ransomware on various darknet marketplaces, where cybercriminals are known to meet.[3] Zagala also created Jigsaw v.2, a successor to the Jigsaw ransomware, which worked similarly to Thanos by encrypting the victim's files and asking for a ransom. In Jigsaw v.2, however, if the user tried to remove the malware from their computer or tried to reboot it, the software would "punish" the victim by erasing the entire hard drive. Emsisoft released a decryptor key for Jigsaw v.2 in 2019.[4]

Cybercriminals are known to have purchased the malware from Zagala and have used it to take down multiple Israeli companies, resulting in significant financial losses and damage.

Background

Moises Luis Zagala Gonzalez, a 55-year-old cardiologist who, according to the Department of Justice, is known to reside in Ciudad Bolivar, Venezuela, created the ransomware in February 2020. Zagala is believed to be self-taught in computer programming. He is known to use multiple aliases while advertising the malware, including "Nosophoros", "Aesculapius", and "Nebuchadnezzar", and has a crew of over 5 to 20 people who work with him.[5]

References

  1. Ogriki, I.; Beck, C.; Heydari, V. (2022). Technical Analysis of Thanos Ransomware. International Conference on Cyber Warfare and Security. Vol. 17. pp. 497–504. doi:10.34190/iccws.17.1.62.
  2. Zagala Gonzalez, Moises Luis. "Moises Luis Zagala Gonzalez (fbi.gov)" (PDF). FBI. Retrieved 10 November 2022.
  3. "Thanos ransomware and variants". Zscaler. Retrieved 10 November 2022.
  4. "Cardiologist Charged for Developing Jigsaw v.2 and Thanos Ransomware". Hackreader. 17 May 2022. Retrieved 12 November 2022.
  5. "Hacker and ransomware designer charged use and sale of ransomware". Department of Justice (DOJ). 16 May 2022. Retrieved 11 November 2022.