Azov ransomware still targeting organizations around the world

Azov ransomware, whose operators previously framed security researchers for their operations, is still in wide use around the world and has acquired a reputation as a data wiper that intentionally destroys victims' data and infects other programs.

Azov's authors use SmokeLoader to spread the malware, which can take the form of pirated copies of software or games. Once installed, it corrupts data on the system and leaves a ransom note that names a group of security researchers as members of the gang.

Azov overwrites a file's contents and corrupts data in alternating 666-byte chunks, rendering the entire file useless even though half of its content remains intact. The threat actor's malicious intent is demonstrated by the use of the number 666, which is associated with the biblical Devil, in the data corruption procedure.
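For incident triage, the alternating-chunk damage described above can be confirmed by comparing a damaged file with a known-good backup copy. The following is an added example, not code from the article or from the researchers it cites; the function names are hypothetical, and the sample buffer, its zero fill and the choice of which chunk is damaged first are constructed assumptions.

```python
CHUNK = 666  # chunk size reported in the article


def chunk_states(damaged: bytes, reference: bytes, chunk: int = CHUNK) -> list:
    """Return one bool per chunk: True if it still matches the known-good copy."""
    n = min(len(damaged), len(reference))
    d, r = damaged[:n], reference[:n]
    return [d[i:i + chunk] == r[i:i + chunk] for i in range(0, n, chunk)]


def is_alternating(states: list) -> bool:
    """Strict intact/overwritten alternation, whichever state comes first."""
    return len(states) >= 2 and all(a != b for a, b in zip(states, states[1:]))


def triage(damaged: bytes, reference: bytes, chunk: int = CHUNK) -> dict:
    """Summarise how much of a damaged file survives and whether the damage
    follows the alternating-chunk layout."""
    states = chunk_states(damaged, reference, chunk)
    n = min(len(damaged), len(reference))
    intact = sum(min(chunk, n - i * chunk) for i, ok in enumerate(states) if ok)
    return {
        "chunks": len(states),
        "intact_bytes": intact,
        "intact_ratio": intact / n if n else 0.0,
        "alternating": is_alternating(states),
        "size_changed": len(damaged) != len(reference),
    }


def constructed_sample() -> tuple:
    """Constructed test data, built in memory: a 4000-byte reference buffer and
    a copy whose even-numbered chunks are zero-filled (assumed phase and fill)."""
    reference = bytes(i % 251 for i in range(4000))
    damaged = bytearray(reference)
    for start in range(0, len(damaged), 2 * CHUNK):
        end = min(start + CHUNK, len(damaged))
        damaged[start:end] = bytes(end - start)
    return bytes(damaged), reference


if __name__ == "__main__":
    damaged, reference = constructed_sample()
    print(triage(damaged, reference))
```

A result with `alternating` true and an `intact_ratio` near one half is consistent with the chunked corruption described here, while a file with no matching chunks points to a different kind of damage.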

The malware is also said to open a “backdoor” that allows other 64-bit executables on the vulnerable Windows device to run. This path can be used to further destroy the system if desired.

When the malware backdoors an executable file, it injects code that causes the data wiper to start when the seemingly harmless executable is launched.

While it is unclear why the threat actor spends money distributing a data wiper, researchers warn that there is currently no cure for the wiper. To avoid infection, users should stay away from cracked software and pirated copies of any files downloaded from the internet.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff