Digital SecurityTechnology For SMEs

Analysis: Azov Ransomware is a Wiper, not Ransomware

Photo of SMEStreet Edit Desk SMEStreet Edit Desk Follow on Twitter Send an email December 28, 2022Last Updated: December 28, 2022
0 1 minute read
samSam, Ransomware,CDOT, SMEStreet.in

Sharing is caring!

Check Point Research (CPR) releases the first technical analysis of Azov ransomware, proving it to be an advanced wiper and not ransomware. The malware is intricately designed to overwrite files to an unrecognizable point and destroy the compromised system it runs on entirely.

  • CPR sees 17,000 Azov-related samples
  • Malware is capable of modifying certain 64-bit executables to execute its own code
  • CPR identifies two versions of “Azov ransomware”

Check Point Research is releasing its analysis of “Azov ransomware”, proving it to be an advanced wiper and not ransomware. The malware is capable of overwriting files and destroying the compromised system it executes on.

In October, a threat actor began distributing ‘Azov Ransomware’ through cracks and pirated software that pretended to encrypt victims’ files.

CPR sees over 17,000 Azov-related samples submitted to VirusTotal.

Wiper Details:

  • Capable of of modifying certain 64-bit executables to execute its own code
  • Seen in two different versions, one older and one slightly newer
  • Newer version uses a different ransom note, as well as a different file extension for destroyed files
  • Uses SmokeLoader botnet and trojanized programs to spread
  • Logic bomb” set to detonate at a certain time

Eli Smadja, Head of Research at Check Point Software says, “Azov ransomware is not ransomware. It’s actually a very advanced and well written wiper, delicately designed to destroy the compromised system it runs on. We have conducted the first deep analysis of the malware, proving its true wiper identity. One thing that sets Azov apart from your garden-variety wipers is its modification of certain 64-bit executables to execute its own code.The modification of executables is done using polymorphic code, so as not to be potentially foiled by static signatures. The malware uses the SmokeLoader botnet and trojanized programs to spread. This is one of the more serious malware to beware of, as it is capable of making the system and files unrecoverable.”

Safety Tips:

  • Backup your data
  • Keep your patches up-to-date
  • Strengthen your authentication

 

Tags
Photo of SMEStreet Edit Desk SMEStreet Edit Desk Follow on Twitter Send an email December 28, 2022Last Updated: December 28, 2022
0 1 minute read
Photo of SMEStreet Edit Desk

SMEStreet Edit Desk

SMEStreet Edit Desk is a small group of excited and motivated journalists and editors who are committed to building MSME ecosystem through valuable information and knowledge spread.

Related Articles

Amazon India, Amazon, Amazon Hindi

Amazon Business Attracts MSMEs Through Deals on End of Financial Year Sale Event

17 hours ago

Oracle Launched Java 20 on Java Developer Day at Oracle DevLive Level Up Event

17 hours ago
Rajeev Chandrashekhar,

AWS Think Big Science Carnival in Navi Mumbai Attracts Youth

17 hours ago
Yogesh Agrawal, CEO and Co-Founder, Consistent Infosystems Private Limited

Consistent Infosystems to Display its Array of Technology Products at Convergence India Expo

2 days ago

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button
%d bloggers like this: