Researchers said that a series of ransomware programs known as Thanos, software designed to disrupt computer booting, hit government institutions in the Middle East and North Africa in July.

These attacks are considered the latest, targeting key organizations in the region and using data-scanning tools, and the motives behind the attacks remain unknown.

According to analysts at Palo Alto Networks, the cyber scoop reported that ransomware attacks used Thanos, a type of malware that appeared earlier this year and gained momentum in secret forums among ransomware gangs.

And Thanos is selling the service to other interested hackers, which makes it difficult to track attacks, and allows users to develop their own custom features.

Typically, a hacker interested in obtaining the funds does not use software that disables the device, making it difficult for the victim to deliver the ransom, however, this is exactly what the perpetrators of the July attacks attempted to do.

Their version of Thanos contained a destructive component designed to overwrite the computers' main boot file (MBR) that tells the device how to start up, according to Palo Alto Networks.

It is not clear if the hackers really wanted the $ 20,000 they requested in a note left on the devices, nor is it clear whether the victims paid the ransom.

Using destructive code in ransomware attacks could confuse who is responsible and motive (Reuters)

Allan Liska, a ransomware specialist at Recorded Future, said, “Overwriting the master boot record of computers is not a common thing in Thanos attacks, which means that it may be attacks that are intended to destroy but are designed to appear. Such as ransomware attacks. "

Researchers in Palo Alto Networks' 42 Security Unit did not specify the victims or speculate on who was behind the attacks.

But they said the perpetrator himself may have used a similar type of Thanos to attack another state-run organization in the Middle East last July.

And Liska returned to say: One of the advantages that Thanos provides is ease of use, as the simple control panel and its ability to adapt to any type of attack is very popular in secret forums.

In December, IBM analysts uncovered previously unknown malware they said had been developed by Iranian hackers, and the code was used in a data-wiping attack against energy and industry organizations in the Middle East.

The use of destructive code in ransomware attacks can camouflage who is responsible, and why.

For example, Norwegian authorities did not identify the culprit after the 2019 ransom demand attack that damaged tens of millions of dollars of aluminum giant Norsk Hydro.