New Ransomware Attack Tries to Frame Security Researchers

Most ransomware tries to extract a ransom for the restoration of files, hence the name. Whether or not the nefarious individuals behind the attack hold up their side varies, but a new version of the Azov Ransomware doesn’t bother. Instead of demanding Bitcoin, it tells infected individuals to contact security researchers and cybersecurity publication BleepingComputer, as if they are the authors of the malware. However, this is just an attempt to frame the good guys.
While Azov has some features of ransomware, and it presents itself as such, it’s more accurate to call it a data wiper. The updated malware began appearing on systems over the past few days after its operators purchased installs via the SmokeLoader malware. People often pick up SmokeLoader on sketchy sites that offer key generators, software cracks, and game cheats. This botnet is used to distribute numerous pieces of nasty hacking software, including other ransomware. There are even people whose systems have been double-encrypted, first by Azov and then by the STOP ransomware.
When introduced on a system, the malware launches itself from a temporary directory, usually with the addition of a Windows registry key. The executable scans all drives on the computer to find files that don’t have .ini, .exe, or .dll extensions. Whenever it finds something else, like a document, image, or video, it encrypts it and appends the .azov file extension to the end.

In each folder containing encrypted files, Azov creates a text document called “RESTORE_FILES.txt.” Usually, this is where your average ransomware would ask for money to decrypt the files. As BleepingComputer reports, the text document claims to be written by Polish security researcher and malware analyst Hasherezade. The document tells users to reach out to Hasherezade, BleepingComputer (and owner Lawrence Abrams), Vitali Kremez, and other cybersecurity pros on Twitter. Hasherezade notes in a statement that it’s common for malware authors to try to frame researchers.
Naturally, none of those people will be able to do anything about the encrypted files, but that’s not the intent. The attackers seem to want to implicate these individuals while also sowing chaos online. The document also makes some pro-Russian statements about the war in Ukraine, transparently dressed up as support for ending the war. It’s possible someone will find a way to unlock the files encrypted by Azov, but for the time being, they should be considered toast.
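
For anyone scoping the damage on an affected machine or a mounted disk image, here is an added example (not part of the original article or of BleepingComputer's reporting): a Python triage script built on the artefacts described above, namely the .azov suffix, the RESTORE_FILES.txt note, and the skipped .ini/.exe/.dll types. It lists which folders were hit, which original file names to look for in backups, and which user files are still intact; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = ".azov"               # extension the article says is appended
NOTE_NAME = "restore_files.txt"          # note name, compared case-insensitively
SKIPPED_EXTS = {".ini", ".exe", ".dll"}  # file types the article says are left alone


def triage(root):
    """Return {relative_folder: summary} for every folder showing either artefact."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted, intact, note = [], [], False
        for name in files:
            low = name.lower()
            if low == NOTE_NAME:
                note = True
            elif low.endswith(ENCRYPTED_SUFFIX):
                encrypted.append(name)
            elif os.path.splitext(low)[1] not in SKIPPED_EXTS:
                intact.append(name)  # user data not yet touched: copy it off first
        if note or encrypted:
            report[os.path.relpath(folder, root)] = {
                "note": note,
                # original names with the suffix stripped, for matching against backups
                "restore_from_backup": sorted(n[:-len(ENCRYPTED_SUFFIX)] for n in encrypted),
                "intact": sorted(intact),
            }
    return report


def build_sample_tree(root):
    """Constructed sample layout made of empty files, not real malware output."""
    layout = {
        "docs": ["report.docx.azov", "budget.xlsx.azov", "RESTORE_FILES.txt", "desktop.ini"],
        "photos": ["cat.jpg.azov", "dog.jpg"],  # no note yet, one file still intact
        "tools": ["app.exe", "lib.dll"],        # only skipped types: nothing to report
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for folder, info in sorted(triage(tmp).items()):
            print(folder, info)
```

A folder that has .azov files but no note, or that still lists intact user files, suggests the run was interrupted there, which makes it the first place to copy data from.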