Thanatos Ransomware Removal Guide

Do you know what Thanatos Ransomware is?

Thanatos Ransomware can infiltrate your system without your noticing it and encrypt your files before you could do anything against it. "Thanatos" is actually a Greek word meaning "death," which sound quite sinister. And, of course, you should indeed take this threat seriously because you could lose all your important personal files (photos, documents, and databases) in this malicious attack. These cyber crooks offer you the decryption key for a certain amount of money, but we do not believe that this is the right way to go about it. Please note that by paying the ransom, you would support cyber criminals to commit further online crimes. Of course, we cannot and do not judge you if you decide to do so because your files are that important and valuable. But please keep in mind that you may not only lose your files but your money as well since cyber crooks rarely keep their word. It is more likely that they infect you with another dangerous threat than that they send you the decryption key. We think that it is best for you to remove Thanatos Ransomware from your PC as soon as possible.

If you find this malware infection on board, it is quite likely that you have received a spam e-mail recently and you opened it as well as its attachment. This ransomware can be distributed as an attached file, which may appear to be a document or an image file. The only reason why most victims fall for this spam and run the attachment is that this spam can look legitimate and tempting enough. For example, you may get a spam claiming that you have not paid for parking or speeding fine. Even if you cannot recall being fined, you would be eager to see what this mail has to tell you. When you open this spam, it will not give you too much information about the alleged matter. Instead, you will be instructed to view the attached file. Remember that running this file will start up the malicious operations on your system. In other words, you will not be able to delete Thanatos Ransomware without losing your files to encryption.

Apart from becoming more cautious around your e-mails, you also need to keep your browsers and drivers updated regularly since you could be infected via so-called Exploit Kits. This can happen when you click on unsafe third-party banner and pop-up ads, or compromised links, and then, redirect to a malicious page. This page could be set up using Exploit Kits like RIG. So when your outdated browser loads this page, malicious scripts start operating and drop such a dangerous infection in the background. We cannot confirm that this particular ransomware also uses this method but you certainly consider these preventive steps if you want to save yourself the headache of deleting Thanatos Ransomware or any other threats from your computer.Thanatos Ransomware Removal GuideThanatos Ransomware screenshot
Scroll down for full removal instructions

This ransomware program applies a new key for every file to be encrypted. The affected files add a ".THANATOS" extension, so they will look like "my_image.jpg.THANATOS." If you want to see how many of your files have been rendered useless, you can use your File Explorer and search for this extension. This infection does not use a full-screen application window to display its ransom note while blocking your screen; it simply creates "Readme.txt" on your desktop.

This note contains limited information about the payment. You are told to pay 0.01 Bitcoin, which is around 105 USD currently, to "1DRAsxW4cKAD1BCS9m2dutduHi3FKqQnZF" Bitcoin address. You are supposed to get a reply message from "" upon payment with the decryption key. Unfortunately, we cannot confirm that you will get this key but we do not advise you to pay anyway. We recommend that you remove Thanatos Ransomware from your system right away.

You can use our instructions below if you are ready to use manual removal. It is really not too complicated since this malware infection actually removes itself once its mission is accomplished. Hopefully, you see now why it is so crucial to have a backup of your files saved and stored somewhere safe (cloud or portable hard drive). Our researchers say that it might be possible to decrypt this ransomware, so there is actually a chance for you to restore your files. If you want to keep your PC safe, may be it is a good opportunity to install a trustworthy anti-malware program, such as SpyHunter.

Thanatos Ransomware Ransomware from Windows

  1. Tap Win+R and enter regedit. Press OK.
  2. Remove this registry value name: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | DO_NOT_DELETE_THIS (where the value name is "C:\Windows\System32\notepad.exe C:\Users\user\Desktop\README.txt")
  3. Close your editor.
  4. Tap Win+E.
  5. Bin "Readme.txt" (the ransom note) from your desktop.
  6. Empty the Recycle Bin and restart your PC.

In non-techie terms:

Thanatos Ransomware is a new threat that can spoil your day by encrypting your precious files only to demand a ransom for the decryption key. This dangerous infection can show up on your system without your knowledge and take all your personal files hostage. We do not think that it is the best solution to pay the ransom because you have no guarantee that these attackers will really send you the key. On the other hand, it would be like supporting online crime. It is possible that this ransomware is decryptable even if it uses a different key for each file to be encrypted. You can easily infect your computer with this threat via spam e-mails. We advise you to remove Thanatos Ransomware right away. If you are not the manual type and lack the necessary IT skills, we suggest that your defend your PC with a powerful anti-malware program as soon as possible.