Thanatos Ransomware

What is Thanatos Ransomware?

If you find out that Thanatos Ransomware has managed to slither onto your computer, you may have to say goodbye to all your important files. This ransomware can encrypt your files and demand a ransom fee from you so that you can get the decryption key. Our malware specialists at say that based on the amount of the ransom as well as the e-mail address used, these cyber criminals might come from Russia even though the name of this threat is Greek for "death." Of course, all this could be a diversion so we cannot really confirm this. It seems that your encrypted files might be decryptable and you can find information about it on the web. However, if you are not an advanced computer user, we do not advise you to try to search for such information or free decryption toll, either, because it is not without risk. Hopefully, you have a backup of your important files so that you can use clean files to recover them. If not, this may be a good time to start saving a backup if you do not want to lose files again. We do not advise you to pay the ransom. We strongly recommend that you remove Thanatos Ransomware from your computer immediately.test

Where does Thanatos Ransomware come from?

Just like in the case of most ransomware programs, this malware infection is also mainly spread via spam mails. You need to know that spams of today are not as conspicuous as they used to be with their dodgy sender names, e-mail addresses, and subject lines. This spam may actually be completely authentic-looking and may even give you the feeling that it contains "must-see" information about an allegedly urgent matter. Most people would consider it urgent to open a mail that is about suspicious transactions your bank has detected on your account, an unsettled invoice you could be overdue with, and so on. These criminals simply play with your curiosity. However, once you open this spam, you will not know any more about this supposed matter since the details are claimed to be contained in the attached file. This attachment may look like a document or a picture file, but, in reality, it is the malicious .exe file in disguise. Even the file type icon could be changed to suggest that it is an image or a text file. But be prepared for the worst when you decide to click to see such an attachment because you will not be able to delete Thanatos Ransomware without serious consequences.

It is also important that you keep all your programs, including your browsers and drivers, up-to-date because cyber villains can set up traps on the web in the form of malicious websites hosting malicious scripts known as Exploit Kits. If you load such a site in your outdated browser, it can drop such a dangerous infection right away, you do not even need to engage with the page. Hopefully, you understand now what to do if you do not want to end up having to remove Thanatos Ransomware.

How does Thanatos Ransomware work?

Quite uniquely among ransomware infection, this threat uses a new key for each file for encryption, which is never saved. It targets all your important files so that you could be pushed to pay for the decryption. All the affected files get a ".THANATOS" extension, which is added to the original file name and extension. Once its operations are done, this malware deletes the executable file from your system. This threat drops its ransom note called "Readme.txt" on your desktop, which is set to autostart with Windows.

This is a short ransom note, which informs you that your files have been encrypted and you have to pay 0.01 BTC (around 100 US dollars at the moment) for the decryption key that you are supposed get in an e-mail from "" after the payment. The Bitcoin wallet address in also included in this note. Of course, we cannot encourage you to pay this fee even if it is not a huge amount. It is always risky to pay a ransom because cyber crooks tend to disappear right away. Instead, we recommend that you remove Thanatos Ransomware from your computer as soon as possible.

How can I delete Thanatos Ransomware?

As we have mentioned, the malicious executable is actually deleted after the operations are over. So, you do not need to have a headache at least about that one. It is still important, though, for you to remove the Run registry entry as well as the ransom note unless you would like to see it every time you switch on your computer. Please follow our instructions below if you want to get rid of these manually. If you do not think that you can keep your PC safe, we suggest that you download and install an anti-malware program, such as SpyHunter. Keep in mind that even if you protect your computer with a powerful security tool like that one, you still need to update all your programs to protect your computer against a possible cyber attack.

Remove Thanatos Ransomware from Windows

  1. Press Win+R and type regedit. Click OK.
  2. Delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | DO_NOT_DELETE_THIS | C:\Windows\System32\notepad.exe C:\Users\user\Desktop\README.txt" Run registry key.
  3. Exit the editor.
  4. Press Win+E.
  5. Delete the ransom note ("Readme.txt") from your desktop.
  6. Empty your Recycle Bin.
  7. Reboot your computer. 100% FREE spyware scan and
    tested removal of Thanatos Ransomware*

Leave a Comment

Enter the numbers in the box to the right *