
Thana Ransomware

Posted: April 17, 2020

The Thana Ransomware is a file-locking Trojan that can block your Windows PC's digital media, including documents or pictures. Because it locks files with an encryption routine whose reverse-engineering status is uncertain, users should keep backups ready as the preferred recovery solution. Anti-malware products are equally helpful for removing Thana Ransomware infections and for stopping them before the attacks happen.

A Costly Look-Alike Problem to Encounter

Tracing the genealogies of file-locking Trojans may take winding paths, even though many of the origins end up back at the expected starting points of a Ransomware-as-a-Service family. However, every new threat in the field demands an additional inspection, and appearances aren't always reliable factors. For instance, the Thana Ransomware, which drops a ransom note closely resembling those of Globe Ransomware's RaaS, is independent.

The Thana Ransomware is one of a long series of independents in its category that target Windows environments and require the .NET Framework to run, like the Ranion Ransomware group. Besides establishing persistence and making various system changes for gaining maximum access to the user's files, the Thana Ransomware includes more obvious attacks related to blocking data and extortion. These features are as follows:

  • The Thana Ransomware uses a standard AES encryption routine for locking documents and other files.
  • Blocked files also acquire 'thana' extensions that the Trojan appends to the ends of their names. Unlike with most RaaS families, the names carry no other information, such as an e-mail address or a serial.
  • The Thana Ransomware leaves TXT files in these files' folders, which are its primary ransoming messages for selling the unlocker.
  • The Thana Ransomware also supplements its texts with a pop-up that strongly resembles Globe Ransomware's Web pages, although not with identical content. The inclusion of Jabber support is a notably less-common element.
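
The extension and note behavior listed above is enough to scope which folders an infection reached. The following is an added example, not code from the original page: it assumes the extension is appended as ".thana", treats any TXT file beside a locked file as a candidate ransom note (the page does not give the note's name), and runs against a constructed sample tree with hypothetical file names.

```python
import os
import tempfile

LOCKED_SUFFIX = ".thana"  # assumption: the 'thana' extension is appended as ".thana"


def scope_thana_damage(root):
    """Return {folder: {"locked": [(locked_name, original_name)], "notes": [txt]}}
    for every folder under root that holds at least one locked file."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        locked = []
        for name in sorted(files):
            if name.lower().endswith(LOCKED_SUFFIX) and len(name) > len(LOCKED_SUFFIX):
                # Only the extension is appended (no e-mail or serial),
                # so stripping it recovers the original file name.
                locked.append((name, name[:-len(LOCKED_SUFFIX)]))
        if locked:
            # Candidate ransom notes: TXT files sharing a folder with locked files.
            notes = sorted(n for n in files if n.lower().endswith(".txt"))
            report[folder] = {"locked": locked, "notes": notes}
    return report


def build_sample_tree(root):
    """Constructed sample data: one affected folder and one clean folder."""
    layout = {
        "docs": ["report.docx.thana", "photo.jpg.thana", "NOTE.txt"],
        "clean": ["notes.txt", "a.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as handle:
                handle.write("constructed sample\n")


def demo():
    """Scan the constructed tree and key the report by relative folder."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        report = scope_thana_damage(root)
        return {os.path.relpath(k, root): v for k, v in report.items()}


if __name__ == "__main__":
    for folder, info in demo().items():
        print(folder, info)
```

The per-folder list of original names can be compared against a backup inventory to decide what needs restoring.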

Although the Thana Ransomware asks for five hundred USD in Bitcoins, malware researchers see no payments to its wallet as of mid-April 2020. Paying doesn't guarantee that victims will get a decryptor or that it will work as the instructions claim.

Escaping from Being Part of the Thana Ransomware's 'Clientele'

Although the Thana Ransomware's ransoming messages are in English, they include errors that imply that the threat actor is using an automatic translator or doesn't care much about typos. Some of the Thana Ransomware's installers also use the name of 'Client-0,' without disguising the executable, which may provide a clue as to the propagation spam at work. Criminals distributing file-locking Trojans can do so through e-mail phishing, malvertising, torrents, or just by brute-forcing a server's login combination.

The Thana Ransomware's campaign isn't using digital signatures or other expensive or sophisticated ways of concealing the Trojan. Despite its limitations, Windows users should treat it as a threat to all files on their PC's drives and use suitable precautions such as a remote backup. Decrypting the Thana Ransomware's locked media could be possible, but malware experts can offer no firm guarantees, for now.

Anti-malware applications are identifying the Thana Ransomware appropriately in many cases. Users can raise their chances of detection by updating their security software when appropriate and offering samples to reputable security researchers.

The Thana Ransomware is a pretender to Globe Ransomware's throne, but a claimant with just as deadly a payload. No one should look down upon even the smallest of small-time Trojans, which can hold consequences just as terrible as those of the most infamous hacking campaigns.
