Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware


Dec 13, 2022 Ravie Lakshmanan Data Security / Endpoint Security

Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that is deliberately designed to corrupt data and "inflict impeccable damage" on compromised systems.

Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper" by Israeli cybersecurity company Check Point. Its origins have yet to be determined.

The wiper routine is set to overwrite a file's contents in alternating 666-byte chunks with random noise, a technique referred to as intermittent encryption that is being increasingly leveraged by ransomware operators to evade detection and encrypt victims' files faster.
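As an added defender's example (not code from the article or from Check Point's report), the following triage heuristic flags a buffer whose consecutive 666-byte chunks alternate between high and low entropy, which is the footprint an intermittent overwrite like the one described above leaves behind; the entropy threshold and the sample data are constructed assumptions.

```python
import math
import os
from typing import List

CHUNK = 666  # Azov alternates 666-byte chunks, per the article
HIGH_ENTROPY = 7.0  # bits/byte (assumed threshold); random noise scores near 8, text far lower


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def chunk_entropies(data: bytes, chunk: int = CHUNK) -> List[float]:
    """Entropy of each consecutive `chunk`-byte window of `data`."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def looks_intermittently_wiped(data: bytes, chunk: int = CHUNK, min_chunks: int = 4) -> bool:
    """Heuristic: True when high- and low-entropy chunks strictly alternate.

    A compressed or encrypted file is high-entropy everywhere and an untouched
    document is low-entropy everywhere; only a chunk-wise overwrite produces the
    on/off pattern this function flags. Whole-file encryption is not detected here.
    """
    ents = chunk_entropies(data, chunk)
    if len(ents) < min_chunks:
        return False
    flags = [e >= HIGH_ENTROPY for e in ents[:-1]]  # drop the last chunk, which may be partial
    return (any(flags) and not all(flags)
            and all(flags[i] != flags[i + 1] for i in range(len(flags) - 1)))


def make_sample(wiped: bool, chunks: int = 8) -> bytes:
    """Constructed test data: repeated plain text, optionally with every other
    666-byte chunk replaced by random bytes to mimic the described pattern."""
    text = (b"quarterly report: revenue, costs, headcount. " * 20)[:CHUNK]
    return b"".join(os.urandom(CHUNK) if wiped and i % 2 == 0 else text
                    for i in range(chunks))


if __name__ == "__main__":
    print("clean:", looks_intermittently_wiped(make_sample(False)))  # False
    print("wiped:", looks_intermittently_wiped(make_sample(True)))   # True
```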


"One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code," threat researcher Jiří Vinopal said. "The modification of executables is done using polymorphic code, so as not to be potentially foiled by static signatures."

Azov Ransomware also incorporates a logic bomb – a set of conditions that need to be met before activating a malicious action – to trigger the execution of the wiping and backdooring functions at a predetermined time.

Destructive Azov Ransomware

"Although the Azov sample was considered skidsware when first encountered […], when probed further one finds very advanced techniques — manually crafted assembly, injecting payloads into executables in order to backdoor them, and several anti-analysis tricks usually reserved for security textbooks or high-profile brand-name cybercrime tools," Vinopal added.

The development comes amid a profusion of destructive wiper attacks since the start of the year. These include WhisperGate, HermeticWiper, AcidRain, IsaacWiper, CaddyWiper, Industroyer2, DoubleZero, RURansom, and CryWiper.

Last week, security firm ESET disclosed another previously unseen wiper called Fantasy that is spread using a supply chain attack against an Israeli software company in order to target customers in the diamond industry. The malware has been linked to a threat actor known as Agrius.
