If you can locate README.txt on your Desktop and, on top of that, almost all your personal files have been locked, Thanatos Ransomware, a newly-detected ransomware infection, must have infiltrated your computer. This infection always tries to slither onto computers unnoticed, but the majority of users find out about its successful entrance soon because they notice that they can no longer access those files they need. Researchers working at 411-spyware.com say that this ransomware infection locks documents, pictures, music, and all other files the majority of users consider the most valuable. Free decryption software was not available at the time of writing. In addition, it is never a good idea to purchase decryption software from cyber criminals. Therefore, we cannot promise that you could unlock those encrypted files. In any event, the ransomware infection needs to be fully removed from the system. As has been observed, it deletes its executable file after encrypting data on victims’ computers, so the only component you will need to erase to delete this infection fully is its ransom note.
We do not consider Thanatos Ransomware sophisticated malware because its working scheme is quite simple. Once it infiltrates computers, it scans the system to find out where users’ personal files are located and then encrypts all these files mercilessly. You could tell which of them have been locked by looking at your data – encrypted files will have the .THANATOS extension placed next to their original extensions, for example, file.exe.THANATOS. The ransom note README.txt tells users that they will lose all encrypted data if they do not pay 0.01 BTC to the provided BTC address. It should be noted that this ransom note will be opened to you automatically on system startup if you do not remove it fully because it creates a Value in the Run (HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) registry key allowing it to open together with the Windows OS. Do not send your money to malicious software developers even if you can afford it because you might not get the decryption code from them. Users are told that they “will receive the decryption code from this mail firstname.lastname@example.org,” but we cannot guarantee that you will get it. There are many users who do not get promised decryption tools from crooks, so our piece of advice for all computer users would be not to transfer a cent to cyber criminals no matter what kind of malicious application they encounter.
Thanatos Ransomware is not one of those prevalent ransomware infections, so researchers still do not know much about the distribution of this malicious application. According to them, this threat should be spread via spam emails, but it must be only one of several distribution methods used to spread it. Malicious files launching ransomware are disguised as harmless-looking documents. Because of this, users open them and become the ones responsible for allowing malware to enter their computers. Users should carefully inspect new software before installing it on their systems as well because they might download malware from the web by mistake. Unfortunately, we cannot promise that this will be enough to prevent all harmful infections from entering the system because some threats are sneaker if compared to others and, because of this, we recommend taking more serious security measures if you want to live without malware. The installation of security software should be enough to avoid harmful threats, so install it right after you erase Thanatos Ransomware.
According to researchers, since Thanatos Ransomware does not have many components and deletes its executable file after it performs its main activity, i.e. encrypting files on victims’ computers, it should not be very hard to erase this infection. Of course, it is not very likely that less experienced users could get rid of it manually without any guidance, so if you consider yourself one of them, you should scroll down and use instructions you find there. You will only need to delete the ransom note from your Desktop and eliminate the Value associated with it from the system registry in order to make sure it cannot be opened to you automatically. Alternatively, this nasty ransomware infection can be removed from the system with an antimalware scanner, but we want to emphasize that it could not unlock those encrypted files for you either.