A relatively new threat actor, the Azov ransomware gang, is wiping victims' systems and framing prominent security researchers as the culprits.

While the framed researchers have come forward to rebut the accusations, they also warned that there is no way for a victim of Azov ransomware to get their files back. That is because the gang shares no way to contact them and states no ransom demand.

Azov Ransomware-cum-Data Wiper

Echoing tactics seen before, a new ransomware group called Azov is framing well-known security researchers and companies as being behind its operations, causing confusion in the community.

Quashing those claims, the framed researchers said the Azov ransomware spreads through SmokeLoader, a botnet whose operators sell or rent access to trojan-infected systems so that other malware can be deployed on them. Ransomware actors buy such access and use it to deploy their payloads.

SmokeLoader, in turn, reaches victims through cracked software, game modifications, cheats, and key generators. Once deployed this way, Azov ransomware encrypts the target's machine and leaves a ransom note named RESTORE_FILES.txt in every folder it encrypted.

While there is no contact information in those ransom notes, the Azov gang names certain security researchers and firms (hasherezade, BleepingComputer, MalwareHunterTeam, Michael Gillespie, and Vitali Kremez in this case) as culprits.
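The two facts above (a note named RESTORE_FILES.txt in every encrypted folder, and no contact channel inside it) are what an incident responder would check first on a suspect host. The following Python script is an added example and not code from the article or from any of the researchers named; it walks a directory tree, lists every folder carrying the note, and reports whether any copy of the note offers an e-mail, .onion or URL contact. The note text, the folder names and the contact regexes are constructed assumptions for illustration, not the real Azov note.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "RESTORE_FILES.txt"  # note name reported in the article

# Patterns a ransom note normally carries when the operator wants to be reached.
# These regexes are assumptions for the example; real triage would use a fuller set.
CONTACT_PATTERNS = [
    re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),          # e-mail address
    re.compile(r"\b[a-z2-7]{16,56}\.onion\b", re.I),  # Tor hidden service
    re.compile(r"https?://\S+", re.I),                # any http(s) URL
]


def note_has_contact(text):
    """True if the note text offers at least one way to reach the operator."""
    return any(p.search(text) for p in CONTACT_PATTERNS)


def find_ransom_notes(root, note_name=NOTE_NAME):
    """Walk `root` and return (sorted) every directory that contains `note_name`."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if note_name in filenames:
            hits.append(Path(dirpath))
    return sorted(hits)


def triage(root, note_name=NOTE_NAME):
    """Summarise one host: how many folders carry the note and how many notes
    give a contact channel. Zero contactable notes on a wiper like Azov means
    there is nothing to negotiate and recovery must come from backups."""
    dirs = find_ransom_notes(root, note_name)
    contactable = 0
    for d in dirs:
        text = (d / note_name).read_text(errors="replace")
        if note_has_contact(text):
            contactable += 1
    return {
        "note_dirs": len(dirs),
        "contactable": contactable,
        "dirs": [str(d) for d in dirs],
    }


def build_sample_tree():
    """Constructed sample host: three 'encrypted' folders with a contact-less note
    and one untouched folder. Created in a temp dir so the example runs offline."""
    root = Path(tempfile.mkdtemp(prefix="azov_hunt_"))
    note = "Your files are gone. There is nobody to contact.\n"  # constructed text
    for name in ("Documents", "Documents/Reports", "Pictures"):
        d = root / name
        d.mkdir(parents=True, exist_ok=True)
        (d / "data.bin").write_bytes(b"\x00" * 16)  # stand-in for an encrypted file
        (d / NOTE_NAME).write_text(note)
    (root / "Clean").mkdir()
    (root / "Clean" / "readme.txt").write_text("nothing here\n")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    result = triage(sample_root)
    print(f"folders with {NOTE_NAME}: {result['note_dirs']}")
    print(f"notes offering a contact channel: {result['contactable']}")
    for d in result["dirs"]:
        print("  ", d)
```

On a real host, point `triage()` at the mount point to scan; the count of note-carrying folders gives a quick measure of blast radius, and `contactable == 0` is the signal that the "ransomware" is effectively a wiper.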

This thing started to spread about 2 weeks ago already. One of the spreading methods (or the only one?) of this shit looks like someone just bought installs in the malware distribution networks / botnets that are used to spread some stealers, the STOP/Djvu ransomware, etc. (1/X) https://t.co/ndcDyoHDTv pic.twitter.com/3Y4vw1LlZq — MalwareHunterTeam (@malwrhunterteam) October 30, 2022