Thanos Ransomware First to Weaponize RIPlace Tactic

[silversurfer]

Content source

https://threatpost.com/thanos-ransomware-weaponize-riplace-tactic/156438/

Researchers have uncovered a new ransomware-as-a-service (RaaS) tool, called Thanos, which they say is increasing in popularity in multiple underground forums.

Thanos is the first ransomware family observed that advertises the use of the RIPlace tactic. RIPlace is a Windows file system technique unveiled in a proof of concept (PoC) last year by researchers at Nyotron, which can be used to maliciously alter files and which allows attackers to bypass various anti-ransomware methods.

Beyond its utilization of RIPlace, Thanos does not incorporate any novel functionality, and it is simple in its overall structure and functionality. But this ease-of-use may be why Thanos has surged in popularity amongst cybercriminals, according to Wednesday research from Recorded Future’s Insikt Group, shared with Threatpost.

Thanos Ransomware First to Weaponize RIPlace Tactic

Researchers say the new Thanos ransomware-as-a-service is the first ransomware family to feature the weaponized RIPlace tactic.

threatpost.com