A new ransomware attack is attempting to frame security researchers


Most ransomware, as the name implies, aims to extort a ransom for the release of files. The people behind an attack may or may not be able to make good on their claims, but a new version of the Azov Ransomware doesn’t care. Rather than demanding Bitcoin, it instructs infected people to get in touch with security experts and the cybersecurity publication BleepingComputer, as though they were the malware’s creators. This is simply an effort to blame the good guys, though.

Although Azov exhibits certain ransomware-like characteristics and portrays itself as ransomware, it is more appropriately described as a data wiper. It started to surface on systems over the past several days, delivered through installations purchased via the SmokeLoader malware. SmokeLoader is frequently purchased from shady websites that provide key generators, software cracks, and game cheats. The botnet is used to spread a variety of malicious hacking tools, including additional ransomware. Some people have even had their PCs double-encrypted by Azov and the STOP ransomware.

When introduced to a system, the malware often creates a Windows registry key and launches itself from a temporary directory. The executable searches every drive on the system for files that do not have an .ini, .exe, or .dll extension. When it finds anything else, such as a video, image, or document, it encrypts the file and appends the .azov file extension to its name.


Azov generates a text file named “RESTORE FILES.txt” in each folder containing encrypted data. Typical ransomware would demand payment at this point in order to unlock the files. The note, according to BleepingComputer, purports to be written by Hasherezade, a malware analyst and security researcher from Poland. It advises users to contact Hasherezade, Vitali Kremez, Lawrence Abrams of BleepingComputer, and other cybersecurity experts on Twitter. In a statement, Hasherezade points out that malware writers frequently attempt to frame researchers.
Naturally, none of those individuals will be able to decrypt the files, but that was not the intention. The attackers appear to aim to link these people to the attack while also causing havoc online. Additionally, the note contains certain overtly pro-Russian claims regarding the conflict in Ukraine while posing as advocacy for peace. The files that Azov encrypted might eventually be decrypted, but for now, they should be regarded as toast.
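For responders scoping an infection, the two on-disk indicators described above (the .azov extension and the “RESTORE FILES.txt” note) can be inventoried per folder. The following is an added example, not code from the article or from BleepingComputer; the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

ENCRYPTED_SUFFIX = ".azov"                   # appended to encrypted files, per the article
NOTE_NAME = "restore files.txt"              # note dropped per folder (compared lowercase)
SKIPPED_SUFFIXES = {".ini", ".exe", ".dll"}  # types the article says are left alone


def triage(root):
    """Return {folder: findings} for every folder under root showing either indicator."""
    report = {}
    for folder, _subdirs, files in os.walk(root, onerror=lambda err: None):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        has_note = any(f.lower() == NOTE_NAME for f in files)
        if not encrypted and not has_note:
            continue
        # Data files in an affected folder that do not carry the suffix.
        untouched = sorted(
            f for f in files
            if f not in encrypted
            and f.lower() != NOTE_NAME
            and Path(f).suffix.lower() not in SKIPPED_SUFFIXES
        )
        report[folder] = {"encrypted": encrypted, "note": has_note, "untouched": untouched}
    return report


def build_sample(root):
    """Create a constructed directory tree (empty placeholder files only)."""
    layout = {
        "docs": ["report.docx.azov", "photo.jpg.azov", "RESTORE FILES.txt", "desktop.ini"],
        "media": ["clip.mp4.azov", "notes.txt", "RESTORE FILES.txt"],
        "tools": ["setup.exe", "helper.dll"],
    }
    for folder, names in layout.items():
        target = Path(root) / folder
        target.mkdir(parents=True)
        for name in names:
            (target / name).touch()
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for folder, found in sorted(triage(build_sample(tmp)).items()):
            print(f"{folder}: {len(found['encrypted'])} encrypted, "
                  f"note={found['note']}, untouched={found['untouched']}")
```

Run `triage` against a read-only mount or forensic copy of the affected drive; folders that list untouched data files are the first candidates for backup.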
