"Overwriting the MBR is a more destructive approach to ransomware than usual," researchers said, "Victims would have to expend more effort to recover their files – even if they paid
the ransom; fortunately, in this case, the code responsible for overwriting the MBR caused an exception because the ransom message contained invalid characters, which left the MBR intact and allowed the system to boot correctly." Even though they failed to
overwrite the compromised computers' MBRs, the Thanos operators still dropped ransom note they regular way by creating HOW_TO_DECIPHER_FILES.txt text files and asking the victims to pay $20,000 to recover their data. The researchers think that the attackers
gained access to the targets' networks before the ransomware payloads were deployed since they were able to find valid credentials within the samples recovered after the attack.
Learn more >