Malware Azov Ransomware - Novembre 2022

Azov Ransomware wants to destroy your PC data

Currently distributed globally, the “Azov Ransomware” malware is a real threat to our data and it has a clear goal: to destroy your machine’s data. Let’s take stock of this threat discovered a few weeks ago.

Cybercriminal behind this malware performs its distribution through cracks and pirated software, which can be found all over the web. To be more precise, it would be distributed through the Smokeloader botnet, which is found precisely on sites specializing in pirated software.

According to the ransom note deposited on the compromised devices, it would be a Pole nicknamed Hasherezade. In this same file, he evokes the war in Ukraine and shows his dissatisfaction with politicians, in particular Joe Biden, who does not help Ukraine enough. The ransom note ofAzov Ransomware gives no contact information to help victims recover their data (as is usually done with ransomware). Therefore, it can be considered to bea nasty data wiperthat’s to say malware that wants to destroy your data.

When a device is compromised, the malware remains dormant for a few days and then runs on a specific date to destroy the device’s data. In addition, Azov Ransomware makes sure to infect your machine’s executables: if reliable software installed on your machine is launched, it can, at the same time, launch the operation to destroy your data. This means that Windows must be completely reinstalled as a precaution.

Checkpoint security researcher Jiří Vinopal states that Azov Ransomware overwrites file data and then corrupts it by integrating chunks of data of an evocative size: 666 bytes. Diabolical. The security researcher clarifies:This works in a loop, so the final file structure would look like this: 666 bytes of random data, 666 original bytes, 666 bytes of random data, 666 original bytes, etc…

The name Azov is surely not chosen by chance, because it refers to an elite Ukrainian regiment. For the cybercriminal, it is surely a way to show his colors.



#Azov #Ransomware #destroy #data

Leave a Comment

Your email address will not be published. Required fields are marked *