Digital SecurityTechnology For SMEs

Analysis: Azov Ransomware is a Wiper, not Ransomware

Photo of SMEStreet Edit Desk SMEStreet Edit Desk Follow on Twitter Send an email December 28, 2022Last Updated: December 28, 2022
0 1 minute read
samSam, Ransomware,CDOT, SMEStreet.in

Sharing is caring!

Check Point Research (CPR) releases the first technical analysis of Azov ransomware, proving it to be an advanced wiper and not ransomware. The malware is intricately designed to overwrite files to an unrecognizable point and destroy the compromised system it runs on entirely.

  • CPR sees 17,000 Azov-related samples
  • Malware is capable of modifying certain 64-bit executables to execute its own code
  • CPR identifies two versions of “Azov ransomware”

Check Point Research is releasing its analysis of “Azov ransomware”, proving it to be an advanced wiper and not ransomware. The malware is capable of overwriting files and destroying the compromised system it executes on.

In October, a threat actor began distributing ‘Azov Ransomware’ through cracks and pirated software that pretended to encrypt victims’ files.

CPR sees over 17,000 Azov-related samples submitted to VirusTotal.

Wiper Details:

  • Capable of of modifying certain 64-bit executables to execute its own code
  • Seen in two different versions, one older and one slightly newer
  • Newer version uses a different ransom note, as well as a different file extension for destroyed files
  • Uses SmokeLoader botnet and trojanized programs to spread
  • Logic bomb” set to detonate at a certain time

Eli Smadja, Head of Research at Check Point Software says, “Azov ransomware is not ransomware. It’s actually a very advanced and well written wiper, delicately designed to destroy the compromised system it runs on. We have conducted the first deep analysis of the malware, proving its true wiper identity. One thing that sets Azov apart from your garden-variety wipers is its modification of certain 64-bit executables to execute its own code.The modification of executables is done using polymorphic code, so as not to be potentially foiled by static signatures. The malware uses the SmokeLoader botnet and trojanized programs to spread. This is one of the more serious malware to beware of, as it is capable of making the system and files unrecoverable.”

Safety Tips:

  • Backup your data
  • Keep your patches up-to-date
  • Strengthen your authentication

 

Tags
Photo of SMEStreet Edit Desk SMEStreet Edit Desk Follow on Twitter Send an email December 28, 2022Last Updated: December 28, 2022
0 1 minute read
Photo of SMEStreet Edit Desk

SMEStreet Edit Desk

SMEStreet Edit Desk is a small group of excited and motivated journalists and editors who are committed to building MSME ecosystem through valuable information and knowledge spread.

Related Articles

LtoR - Navneet Ravikar, CMD, Leads Connect Service & Amit Boni, Founder, Ensuredit at the signing of the MoU

Leads Connect Services and Ensuredit Announce Joint Venture

9 hours ago
Reliance Jio

JioCinema’s Digital Powerplay in TATA IPL 2023 Ushers In a New Era as More than 12 Crore Viewers Tune-in to Watch the Final

9 hours ago
Rajvinder Singh Kohli, Newgen

NewgenONE OmniDocs Platform Now Available on Temenos Exchange

18 hours ago
Tata Elxsi

Tata Elxsi wins three e4M India Design Excellence Awards

2 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: