An unknown cybercriminal group is attempting to frame cybersecurity researchers for spreading malware using Azov ransomware. The as-yet-unidentified group or hacker leaves ransom notes after the cyberattack with the intent of blaming renowned cybersecurity and threat researchers.
According to reports, the cybercriminals are using the Azov ransomware, which is potentially a data wiper, to erase the data on targeted systems and leave a trail of messages that include accusations and reasons behind the cyberattack. The data wiper is then launched on target devices that are using pirated software, key generators, and adware bundles.
According to an advisory posted by the government cybersecurity organization NJCCIC, these cyberattacks are launched using a malware botnet called SmokeLoader. They also use RedLine Stealer, which is data-stealing malware, and STOP ransomware.
What does the Azov ransomware do?
The Azov ransomware scans all the target drives, encrypts files, and appends the .azov extension to the files. However, since researchers have neither found any decryption keys nor contact information and the note left on the device asks the victims to contact cybersecurity researchers, the malware is considered a data wiper rather than ransomware.
Moreover, Azov overwrites data in an alternating sequence of 666 bytes each, which further distracts researchers by giving it a religious connotation. The number 666 is often associated with the Antichrist or the devil.
Azov is named after the Ukrainian Azov regiment, which is a military force. The names the attacker placed on the infected systems included security researchers and firms such as Hasherezade, VK_Intel, Michael Gillespie, and BleepingComputer. This campaign is speculated to be a cover-up for other malicious attacks.
One of the notes read:
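For incident triage, the alternating 666-byte pattern described above can be checked by comparing a damaged file with a known-good backup copy, block by block. The following Python sketch is an added example, not code from the advisory or from any researcher named in this article. It assumes the pattern means 666 bytes overwritten followed by 666 bytes left untouched; the function names and the sample buffer are constructed for illustration.

```python
BLOCK = 666  # block size the article reports for Azov's overwrite pattern

def block_damage_map(original, damaged, block=BLOCK):
    """One flag per block: True where the damaged copy differs from the backup."""
    length = max(len(original), len(damaged))
    return [original[o:o + block] != damaged[o:o + block]
            for o in range(0, length, block)]

def is_alternating(flags):
    """True when damaged and intact blocks strictly alternate (either phase)."""
    return len(flags) >= 2 and all(a != b for a, b in zip(flags, flags[1:]))

def intact_ranges(flags, total_len, block=BLOCK):
    """Byte ranges (start, end) of blocks still identical to the backup."""
    return [(i * block, min((i + 1) * block, total_len))
            for i, hit in enumerate(flags) if not hit]

def summarize(original, damaged):
    """Triage summary: block counts, pattern match, and bytes still intact."""
    flags = block_damage_map(original, damaged)
    ranges = intact_ranges(flags, len(original))
    return {
        "blocks": len(flags),
        "damaged_blocks": sum(flags),
        "alternating": is_alternating(flags),
        "intact_bytes": sum(end - start for start, end in ranges),
    }

def constructed_sample():
    """Constructed test data, in memory only: a 4096-byte buffer and a copy
    whose even-numbered 666-byte blocks have every byte inverted."""
    original = bytes(range(256)) * 16
    damaged = bytearray(original)
    for start in range(0, len(damaged), 2 * BLOCK):
        for i in range(start, min(start + BLOCK, len(damaged))):
            damaged[i] ^= 0xFF
    return original, bytes(damaged)

if __name__ == "__main__":
    backup, suspect = constructed_sample()
    print(summarize(backup, suspect))
```

On real evidence, read the backup and the damaged file in binary mode and pass both byte strings to `summarize`; a strict alternation of damaged and intact blocks supports the 666-byte pattern, and `intact_ranges` shows which byte ranges still match the backup.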
“!Azov ransomware!
Hello, my name is hasherezade.
I am the polish security expert.
To recover your files contact us in twitter:
@hasherezade
@VK_Intel
@demonslay335
@malwrhunterteam
@bleepincomputer
Слава Україні #Вцебудеукраїна – (this translates to Glory to Ukraine #Ukraine will live)
[Why did you do this to my files?]
I had to do this to bring your attention to the problem
Do not be so ignorant as we were ignoring Crimea seizure for years.
The reason the west doesn’t help enough Ukraine.
Their only help is weapons, but no movements towards the peace!
Stop the war, go to the streets!
Since when that Z-army will be near to my Polska country.
The only outcome is nuclear war.
Change the future now!
Help Ukraine, come to the streets!
We want our children to live in the peaceful world.
#ВцебудеУкраїна” – (the hashtag translates to ‘Ukraine will live.’)