Click on screenshot to zoom
Danger level 6
Type: Trojans
Common infection symptoms:
  • Slow Computer
  • System crashes
  • Connects to the internet without permission
  • Installs itself without permissions
  • Can't be uninstalled via Control Panel

Thanatos Ransomware

Thanatos Ransomware is one of those malicious applications that lock users’ files once they infiltrate their computers. Without a doubt, it wants money from users because it drops a ransom note demanding 0.01 BTC after locking victims’ pictures, documents, music, and other important files. This infection is quite unique in a sense that it uses a new key for every file it locks and, as has been observed by our researchers, it does not save those keys anywhere, which suggests that you might not be able to unlock those encrypted files. You should also not go to purchase the decryptor from cyber criminals behind this malicious application. Never pay money to crooks no matter what kind of infection you encounter because there are no guarantees that you will receive what they promise to give you. What you should do instead is to erase malicious software from your system right away. Speaking about Thanatos Ransomware, it deletes its executable file after encrypting victims’ files, but it leaves README.txt and a Value in the Run registry key. If you do not take care of them, you will find the ransom note opened on your screen each time you turn on your computer. We are sure you will find this irritating sooner or later.

Even though Thanatos Ransomware is considered a new ransomware infection, it does not differ at all from other ransomware-type infections analyzed by our specialists some time ago. Once it affects users’ computers, it locks almost all files on them mercilessly. Unfortunately, this means that its successful entrance always results in the loss of the most valuable files. You could easily say which of your files have been locked and which are fine because those encrypted ones will get the .THANATOS extension appended. Original names and extensions of files will not be changed by this ransomware infection. Another sign showing that the entrance of Thanatos Ransomware was successful is the .txt file (README.txt) on Desktop (%USERPROFILE%\Desktop). It contains the following message:

Your computer is encrypted. All data will be lost if you do not pay 0.01 BTC to the specified BTC wallet


after payment you will receive the decryption code from this mail

Cyber criminals ask 0.01 BTC in exchange for the decryption code, but you should not transfer a cent to them because they might not give anything to you. In such a case, you will not get your money back either. We are not going to lie to you – it might be impossible to unlock those encrypted files without the decryption code. Free decryption software is not available either. The only way to get encrypted data back for free is to restore all these files from a backup.

Researchers at do not have much information about the distribution of Thanatos Ransomware because it is a newly-discovered threat and, consequently, its infection rate is quite small; however, they suspect that it does not differ from similar threats at all. According to them, the chances are high that this ransomware infection is distributed via spam emails. It affects users’ computers when they open the malicious attachment. Also, users might download this threat from the web themselves. Of course, they do not know that they click the Download button to get malicious software. They find out about its entrance only when they discover the ransom note on their Desktops and a bunch of encrypted files. It does not mean that new malicious applications could not enter your system after you erase Thanatos Ransomware from your PC. Luckily, you can prevent this from happening to you. You will protect your system against malware by simply installing an antimalware tool on your PC. The sooner you do that, the better because new harmful malware is developed every day.

You do not need to remove the executable file of Thanatos Ransomware because it removes itself once victims’ files are encrypted. You will only need to delete README.txt and the Value from the Run registry key that automatically opens it on system startup. You should follow the step-by-step manual removal instructions provided below if you have never deleted any harmful malicious application. It should be noted that your files will not be unlocked once you fully remove Thanatos Ransomware.

How to delete Thanatos Ransomware

  1. Tap Win+R.
  2. Type regedit.exe in the command line and click OK.
  3. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  4. Right-click on the DO_NOT_DELETE_THIS Value and select Delete.
  5. Close Registry Editor.
  6. Remove README.txt from your Desktop.
  7. Empty Recycle bin.
Download Spyware Removal Tool to Remove* Thanatos Ransomware
  • Quick & tested solution for Thanatos Ransomware removal.
  • 100% Free Scan for Windows

Post comment — WE NEED YOUR OPINION!

Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.