My work got hit with the THOR version late last week. Fortunately it was contained to one home directory and less than a 100 files on a share drive (all were available via backups).
Does this ransomware only encrypt files? Or can it also send the encrypted files back to the C&C servers to steal the data?
Feel free to move to appropriate forum if this is better suited somewhere else.