
Minerva Labs Blog


How Minerva Labs Protects Against Thanos Ransomware

Thanos ransomware is a relatively new strain of malware, first seen in late 2019. It is part of the RaaS (ransomware as a service) trend, in which ransomware code and builders are sold on underground forums.

Multiple targets in the Middle East have recently been attacked by Thanos ransomware, as reported by Palo Alto’s Unit 42.


The initial infection uses a PowerShell script to execute the malware and spread it across the network. Lateral movement is achieved with the wmic command, a common Living Off the Land tactic in which threat actors abuse a legitimate, signed Windows binary instead of dropping their own tooling.
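As an added example (not code from the original post or from Minerva's product), the following Python applies the detection logic a SOC analyst would write for the two behaviours described above: PowerShell spawning wmic.exe with `/node: ... process call create` (remote process creation on another host), and PowerShell launched with an encoded command. The log records are constructed in the shape of Sysmon Event ID 1 fields; the host names, paths and the Base64 payload are made up for the example.

```python
import base64
import re

# Constructed sample process-creation events (not from the original post).
# Fields mirror a subset of Sysmon Event ID 1: parent image, image, command line.
SAMPLE_EVENTS = [
    {   # PowerShell spawning wmic to create a process on a remote host (the spreading pattern)
        "host": "WS01",
        "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "image": r"C:\Windows\System32\wbem\WMIC.exe",
        "command_line": 'wmic /node:"10.0.0.25" /user:corp\\admin process call create '
                        '"powershell -nop -w hidden -enc SQBFAFgA"',
    },
    {   # Benign local wmic inventory query launched from the shell
        "host": "WS01",
        "parent_image": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\wbem\WMIC.exe",
        "command_line": "wmic os get caption",
    },
    {   # PowerShell started with an encoded command from cmd.exe
        "host": "WS02",
        "parent_image": r"C:\Windows\System32\cmd.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand SQBFAFgA",
    },
    {   # Benign scheduled script
        "host": "WS03",
        "parent_image": r"C:\Windows\System32\svchost.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "command_line": r"powershell.exe -File C:\scripts\backup.ps1",
    },
]

# -EncodedCommand accepts -e, -ec, -enc and the full switch name; PowerShell matches
# switches case-insensitively, so the rules do too.
ENC_SWITCH = r"-(?:e|ec|enc|encodedcommand)"


def classify(event):
    """Return the list of rule names the event triggers (empty when benign)."""
    findings = []
    cmd = event["command_line"]
    image = event["image"].lower()
    parent = event["parent_image"].lower()

    # Rule 1: wmic used for remote process creation (lateral movement via WMI).
    if image.endswith("wmic.exe"):
        has_node = re.search(r"/node:", cmd, re.I)
        has_create = re.search(r"\bprocess\s+call\s+create\b", cmd, re.I)
        if has_node and has_create:
            findings.append("wmic_remote_process_create")

    # Rule 2/3: PowerShell with an encoded command, or hidden window plus no profile.
    if image.endswith(("powershell.exe", "pwsh.exe")):
        if re.search(ENC_SWITCH + r"\b", cmd, re.I):
            findings.append("powershell_encoded_command")
        if re.search(r"-(?:nop|noprofile)\b", cmd, re.I) and \
                re.search(r"-w(?:indowstyle)?\s+hidden\b", cmd, re.I):
            findings.append("powershell_hidden_noprofile")

    # Rule 4: the parent/child chain described in the post: PowerShell launching wmic.
    if parent.endswith("powershell.exe") and image.endswith("wmic.exe"):
        findings.append("powershell_spawns_wmic")

    return findings


def decode_encoded_command(cmd):
    """Decode the first -EncodedCommand payload in a command line (UTF-16LE Base64),
    or return None when there is none or it does not decode cleanly."""
    m = re.search(ENC_SWITCH + r"\s+([A-Za-z0-9+/=]+)", cmd, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def scan(events):
    """Return (host, image basename, findings) for every event that hits a rule."""
    alerts = []
    for ev in events:
        findings = classify(ev)
        if findings:
            alerts.append((ev["host"], ev["image"].rsplit("\\", 1)[-1], findings))
    return alerts


if __name__ == "__main__":
    for host, image, findings in scan(SAMPLE_EVENTS):
        print(f"{host}: {image} -> {', '.join(findings)}")
    # The payload embedded in the wmic command line decodes to the IEX cradle prefix.
    print("decoded:", decode_encoded_command(SAMPLE_EVENTS[0]["command_line"]))
```

The wmic rule keys on both `/node:` and `process call create` because each alone is common in administration; their combination is what makes the command a remote-execution primitive. Decoding the `-enc` payload before alerting lets the analyst see what the spawned PowerShell would run rather than just an opaque Base64 blob.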


The ransomware payload itself is executed through APC (asynchronous procedure call) injection, a memory-injection technique used to load and run the malicious code inside another process.


The Minerva Labs product blocks both capabilities: the wmic-based spreading with its Living Off the Land protection, and the APC injection with its Memory Injection protection.


The malicious PowerShell script is blocked, and an event is generated.

IOCs:

SHA-256:

06d5967a6b90b5b5f6a24b5f1e6bfc0fc5c82e7674817644d9c3de61008236dc
