Researchers discovered a new ransomware-as-a-service RaaS tool, called Thanos, that is the first ransomware family to add the weaponize RIPlace tactic that enables it to bypass standard ransomware protection software. Researchers claim that Thanos is increasing in popularity in multiple different underground hacking forums. RIPlace is a Windows file system technique that was unveiled by researchers at Nyotron last year. RIPlace can be used to alter files and bypass various anti-ransomware protections.

Researchers report that Thanos is fairly simple in functionality and overall structure, and this east of use may have lead to its popularity among cybercriminals. Ransomware-as-a-service allows less-experienced hackers to use simple ransomware as part of their operations. Thanos was first discovered in January on an underground forum, developed by a threat actor named “Nosophoros.”