VERY IMPORTANT

Thanos ransomware burst onto the scene in late 2019, advertised in various forums and closed channels. Thanos is a RaaS (Ransomware as a Service) which provides buyers and affiliates with a customized tool to build unique payloads. This tool is far more complex and robust than many previous builder-based ransomware services such as NemeS1S and Project Root. The generated payloads can be configured with numerous features and options. Many of the options available in the Thanos builder are designed to evade endpoint security products, and this includes the use of the RIPlace technique. To date, Thanos appears to be the only widely-recognized threat making use of RIPlace, although the feature was not always part of the Thanos toolset.