New Ransomware Attack Tries to Frame Security Researchers

New Ransomware Attack Tries to Frame Security Researchers

Most ransomware tries to extract a ransom for the restoration of files, hence the name. Whether or not the nefarious individuals behind the attack hold up their side varies, but a new version of the Azov Ransomware doesn’t bother. Instead of demanding Bitcoin, it tells infected individuals to contact security researchers and cybersecurity publication BleepingComputer, as if they are the authors of the malware. However, this is just an attempt to frame the good guys.

While Azov has some features of ransomware, and it presents itself as such, it’s more accurate to call it a data wiper. The updated malware began appearing on systems over the past few days after purchasing installs via the SmokeLoader malware. People often pick up SmokeLoader on sketchy sites that offer key generators, software cracks, and game cheats. This botnet is used to distribute numerous pieces of nasty hacking software, including other ransomware. There are even people whose systems have been double-encrypted, first by Azov and then by the STOP ransomware.

When introduced on a system, the malware launches itself from a temporary directory, usually with the addition of a Windows registry key. The executable scans all drives on the computer to find files that don’t have ini, exe, or dll extensions. Whenever it finds something else, like a document, image, or video, it encrypts it and appends the .azov file extension to the end.

New Ransomware Attack Tries to Frame Security Researchers

In each folder containing encrypted files, Azov creates a text document called “RESTORE_FILES.txt,” which you can see above. Usually, this is where your average ransomware would ask for money to decrypt the files. As BleepingComputer reports, the text document claims to be written by Polish security researcher and malware analyst Hasherezade. The document tells users to reach out to Hasherezade, BleepingComputer (and owner Lawrence Abrams), Vitali Kremez, and other cybersecurity pros on Twitter. Hasherezade notes in a statement that it’s common for malware authors to try and frame researchers.

Naturally, none of those people will be able to do anything about the encrypted files, but that’s not the intent. The attackers seem to want to implicate these individuals while also sewing chaos online. The document also makes some pro-Russian statements about the war in Ukraine, transparently dressed up as support for ending the war. It’s possible someone will find a way to unlock the files encrypted by Azov, but for the time being, they should be considered toast.

Continue reading

The Best Smart Home Security Systems
The Best Smart Home Security Systems

Once a niche business with a few traditional players and some startups, home security systems are now a major battleground for not just security companies, but several internet giants. We round up highlights of the most popular options for 2020.

Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs
Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs

Intel, AMD, and Qualcomm are working to make Pluton part of their upcoming designs, which should make PCs more difficult to hack, but it also bakes Microsoft technology into your hardware.

Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019

SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.

A File Sharing App With 1 Billion Downloads Has a Major Security Flaw
A File Sharing App With 1 Billion Downloads Has a Major Security Flaw

Trend Micro says SHAREit is a security nightmare that could allow intruders to sneak a peek at your data or even install malware. Perhaps most troublingly, the developers have not responded to Trend Micro's warnings.