New Azov Ransomware Can Wipe Your Data Clean — Here’s What We Know



There is a new piece of "ransomware" in the wild that does not behave like its contemporaries.

Security researchers have recently found malware that, instead of holding a victim's data hostage for money, simply overwrites it in chunks until nothing usable remains.

There is no method that would let victims recover files corrupted by the Azov Ransomware, per BleepingComputer.

Azov Ransomware Details

Azov Ransomware is malware built specifically to destroy a victim's data by overwriting it, rather than encrypting it the way conventional ransomware does. According to Check Point security researcher Jiří Vinopal, once a victim is infected, their whole computer is "basically dead."

The ransomware may have gotten its name from the Ukrainian Azov Regiment, a far-right all-volunteer infantry military unit that harbors neo-Nazi and white supremacist ideology, per Al Jazeera.  

The malware is distributed through the SmokeLoader botnet, whose operators sell "installs": other criminals pay to have their own malware dropped on machines SmokeLoader has already infected. SmokeLoader itself commonly spreads through websites offering fake software cracks, game modifications, cheats, and key generators, so that is how most Azov victims end up infected.

Once on a victim's computer, the malware lies dormant until Oct. 27 at 10:14 AM UTC. After that, it starts corrupting the victim's files until nothing usable remains.

Vinopal said the malware destroys data in 666-byte blocks: it overwrites one 666-byte block with random data, leaves the next 666 bytes untouched, and keeps alternating like this through the file. The result is a file in which half of the content has been replaced with garbage and the rest is interleaved with it, so nothing usable can be rebuilt from what is left.

A standard antivirus scan that removes only the original sample is not enough to clean the machine. The malware also backdoors other executables on the system, so the wiper runs again in the background whenever the victim launches one of those seemingly innocent programs.
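As an added example, not taken from the article or from any of the researchers it cites, the following Python script models the alternating 666-byte overwrite pattern described above on an in-memory buffer and implements the kind of triage check an incident responder could run on a suspect file: it measures the Shannon entropy of each 666-byte block and looks for blocks of random-looking data alternating with intact ones. The block size comes from the article; the assumption that the pattern starts either at offset 0 or at offset 666, the entropy thresholds, and the sample log text are assumptions made for this example. It is a heuristic only: a file that was already high-entropy (a ZIP, an encrypted container) looks random throughout and cannot be triaged this way, and nothing here recovers any data.

```python
import math
import random
from collections import Counter

# Block size the article reports for Azov's alternating overwrite pattern.
CHUNK = 666

# Constructed sample "original file": low-entropy text, like a log or document.
# This is made-up test data for the example.
ORIGINAL = b"2022-10-27 10:14:00 UTC host=ws01 event=logon user=alice result=ok\n" * 150


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_corrupted_sample(original: bytes, seed: int = 666,
                           chunk: int = CHUNK, phase: int = 0) -> bytes:
    """Apply the reported pattern to an in-memory copy: every other chunk-sized
    block, starting at block `phase`, is replaced with random bytes; the block in
    between is left as it was. Seeded so the sample is reproducible. This builds
    test data for the detector below; it never touches the filesystem."""
    rng = random.Random(seed)
    out = bytearray(original)
    for start in range(phase * chunk, len(out), 2 * chunk):
        end = min(start + chunk, len(out))
        out[start:end] = bytes(rng.getrandbits(8) for _ in range(end - start))
    return bytes(out)


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list:
    """Entropy of each full chunk-sized block. A short trailing block is skipped
    because its entropy estimate would be unreliable."""
    full = len(data) // chunk
    return [shannon_entropy(data[i * chunk:(i + 1) * chunk]) for i in range(full)]


def azov_pattern_phase(data: bytes, chunk: int = CHUNK, high: float = 7.0,
                       low: float = 6.0, min_blocks: int = 4):
    """Return 0 if blocks 0,2,4,... are random-looking and 1,3,5,... are not,
    1 for the opposite phase, or None if the file does not show the alternation.
    Thresholds: 666 uniformly random bytes score about 7.7 bits/byte, text or
    logs well under 6. Files that are random anyway (compressed, encrypted) are
    rejected because their 'intact' blocks are high-entropy too."""
    ents = chunk_entropies(data, chunk)
    if len(ents) < min_blocks:
        return None
    for phase in (0, 1):
        wiped = ents[phase::2]
        kept = ents[1 - phase::2]
        if wiped and kept and all(e >= high for e in wiped) and all(e <= low for e in kept):
            return phase
    return None


def bytes_lost(size: int, chunk: int = CHUNK, phase: int = 0) -> int:
    """Number of bytes overwritten in a file of `size` bytes under the pattern;
    roughly half of every file, which is why the intact blocks are not enough
    to rebuild anything."""
    lost = 0
    for start in range(phase * chunk, size, 2 * chunk):
        lost += min(chunk, size - start)
    return lost


if __name__ == "__main__":
    sample = build_corrupted_sample(ORIGINAL)
    print("clean file matches pattern:", azov_pattern_phase(ORIGINAL))
    print("corrupted sample matches pattern, phase:", azov_pattern_phase(sample))
    print("bytes overwritten:", bytes_lost(len(ORIGINAL)), "of", len(ORIGINAL))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `azov_pattern_phase`; a non-None result on a file that should be text, a database, or an Office document is a strong indicator, while None on an archive or encrypted file means nothing either way.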


The malware drops a ransom note even though it is not holding the victim's data hostage. The note tells victims to contact security researchers and outlets such as BleepingComputer, hasherezade, MalwareHunterTeam, and Vitali Kremez to help them remove the malware, falsely implying that they are part of the operation.

None of these researchers are involved with Azov, and none of them can help its victims, because the overwritten data cannot be restored by anyone.

The note also tries to draw victims' attention to the war between Ukraine and Russia, claiming the data was destroyed in protest of Russia's seizure of Crimea.

It goes on to say that Western countries are not helping Ukraine enough in its conflict with Russia and that the malware's victims must "go to the streets" to stop the war.

How To Remove Azov Ransomware

Unfortunately, no decryptor or recovery tool can help here: the files were overwritten, not encrypted, so there is no key to recover and nothing to decrypt. The only way to get the data back is to restore it from a backup that the malware could not reach.

Because the malware also backdoors other executables on the machine, the only reliable way to remove it is to wipe the disk and reinstall the operating system.

Additionally, PC Risk and the New Jersey Cybersecurity & Communications Integration Cell advise users to avoid downloading files from untrustworthy or illegitimate websites and to be careful when opening links or attachments sent by email.

Lastly, anyone who believes their computer is affected should immediately change the passwords saved or typed on that machine, and change them on every other account that shares the same password, since the computer was under the control of a botnet that sells access to other criminals. Enabling two-factor authentication is also recommended.
