A new strain of ransomware called Azov is currently being distributed through adware bundles, pirated software downloads, and key generators.
What sets this one apart from other ransomware variants, however, is that it frames established cybersecurity researchers by blaming them for the attack. For instance, the ransomware claims that it was created by Hasherezade, a programmer and a malware analyst.
The ransom note says that Azov is encrypting devices in protest of Crimea's seizure and because western countries are not doing enough to help Ukraine in the war against Russia.
To decrypt affected files, the note instructs victims to contact security researchers Lawrence Abrams, Michael Gillespie, and Vitali Kremez, as well as BleepingComputer, MalwareHunterTeam, and VK Intel on Twitter. Given that these people and organizations are not associated in any way with the ransomware, they will not be able to assist in removing the ransomware. This also makes it impossible to contact the real threat actors to pay the ransom.
To be clear, BleepingComputer and myself are not affiliated with 'Azov' ransomware or any other malware.
Sadly, people have already contacted me to receive help decrypting files, including a victim in Ukraine, and we have no way of helping at this time. https://t.co/qLLYwxg5GF
— Lawrence Abrams (@LawrenceAbrams) October 30, 2022
According to MalwareHunterTeam, the Azov ransomware started spreading about two weeks ago. The threat actor behind it appears to have purchased 'installs' through the SmokeLoader malware botnet to deliver the new strain. SmokeLoader is a malware botnet that cybercriminals use to create their own malware. It is normally distributed through websites advertising fake key generators, cheats, software cracks, and game modifications.
Some systems that have been encrypted by the Azov ransomware have also been infected with RedLine Stealer malware and STOP ransomware, BleepingComputer states.
To protect your systems from ransomware attacks, refrain from visiting potentially malicious sites and always be careful when opening unsolicited emails. Also make sure to have a backup of your files so you can easily recover them if they get encrypted. Finally, ensure that your antivirus and anti-malware software are up to date so they can prevent ransomware and other malware from infecting your devices.
Source: BleepingComputer