Thanos (ransomware)

Thanos (named after the marvel supervillain Thanos) is a malicious ransomware. According to the FBI, it was created by Venezuelan-French cardiologist Moises Luis Zagala Gonzalez. The malware first appeared around February 2020, and is written in the programming language C#. It works by fully encrypting the victim's files and asking for a specific sum of money, usually via CryptoCurrency such as Bitcoin. The ransomware is known to be highly advanced; evading antivirus software by rebooting the computer on safeboot. It also has a customisable interface where the attacker can modify the ransomware message, choose whether the malware will self-delete after attacking, and more. Zagala advertised the ransomware on various darknet marketplaces, where Cybercriminals are known to meet. Zagala also created Jigsaw v.2., a successor to the Jigsaw ransomware, which worked similarly to Thanos by encrypting the victim's files and asking for a ransom. This time, however, if the user tried to remove the malware from their computer or tried to reboot it, the software would "punish" the victim by erasing the entire harddrive. Emisoft released a decryptor key for Jigsaw v.2. in 2019.

Illicit cybercriminals have known to purchase the malware from Zagala, and have used it to take down multiple Israeli companies, resulting in significant financial losses and damage.

Background
Moises Luis Zagala Gonzalez a 55-year old cardiologist who, according to the Department of Justice, is known to reside in Ciudad Bolivar Venezuela, created the ransomware in February 2020. Zagala is believed to be self-taught in computer programming. He is known to use multiple aliases while advertising the malware, including "Nosophoros", "Aesculapius", and "Nebuchadnezzar" and has a crew of over 5 to 20 people who work with him.