This Odd Ransomware Deletes Your Data A Few Bytes at a Time

This odd ransomware deletes your data a few bytes at a time – a data wiper reportedly replaces every other 666 bytes of data with just junk.

A new data-wiping malware has been detected and is infecting more endpoints with every passing day. Most curious of all, this data wiper poses as ransomware.

The malware is known as Azov Ransomware. When it runs on a victim's device, it overwrites file data with junk, rendering the files useless. The overwrite is cyclical: the malware overwrites 666 bytes of data, leaves the next 666 bytes intact, and then repeats the process.
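During triage, the alternating pattern described above can be confirmed by comparing a damaged file with a known-good copy such as a backup. The Python below is an added example, not code from the original article; the function names and the in-memory sample buffer are constructed for illustration, and it assumes the 666-byte runs are aligned to the start of the file.

```python
from __future__ import annotations

BLOCK = 666  # run length reported in the article: 666 bytes junk, 666 bytes intact


def changed_blocks(good: bytes, suspect: bytes) -> list[bool]:
    """One flag per 666-byte block: True if it differs from the known-good copy."""
    size = max(len(good), len(suspect))
    return [good[o:o + BLOCK] != suspect[o:o + BLOCK] for o in range(0, size, BLOCK)]


def wipe_phase(flags: list[bool]) -> int | None:
    """0 if exactly the even blocks changed, 1 if exactly the odd ones, else None.

    Needs at least two blocks, otherwise no alternation can be observed.
    """
    if len(flags) < 2:
        return None
    for phase in (0, 1):
        if all(changed == (i % 2 == phase) for i, changed in enumerate(flags)):
            return phase
    return None


def intact_ranges(size: int, phase: int) -> list[tuple[int, int]]:
    """Half-open byte ranges that the alternating pattern leaves untouched."""
    first = BLOCK if phase == 0 else 0
    return [(o, min(o + BLOCK, size)) for o in range(first, size, 2 * BLOCK)]


def constructed_sample() -> tuple[bytes, bytes]:
    """Constructed test data, in memory only: a 2560-byte buffer and a damaged copy."""
    good = bytes(range(256)) * 10
    bad = bytearray(good)
    for o in range(0, len(good), 2 * BLOCK):
        bad[o:o + BLOCK] = b"\x00" * len(bad[o:o + BLOCK])  # stand-in for junk
    return good, bytes(bad)


if __name__ == "__main__":
    good, bad = constructed_sample()
    phase = wipe_phase(changed_blocks(good, bad))
    print("pattern phase:", phase)
    if phase is not None:
        print("intact ranges:", intact_ranges(len(bad), phase))
```

A result of `None` means the differences do not follow the 666-byte alternation, so the damage should be attributed to something else.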

Even though there is no way to get the corrupted files back, there is no decryption key and no ransom demand. The malware comes with a ransom note saying that victims should reach out to security researchers and journalists for assistance.

The Azov Ransomware Comes With a Trigger

Another curious thing about Azov ransomware is that it comes with a trigger: it sits idle on the endpoint until October 27, 10:14:30 AM UTC, after which all hell breaks loose.

Once this date arrives, the victim does not necessarily need to run the original executable; running just about any program will do. This is because the wiper infects all other 64-bit executables on the device whose file paths do not contain any of these strings:

:\Windows
\ProgramData\
\cache2\entries
\Low\Content.IE5\
\User Data\Default\Cache\
Documents and Settings
\All Users

In other words, running a benign program would make the computer crash and then ruin all of the data on it.

Azov Ransomware Is Distributed Via the Smokeloader Botnet

Azov Ransomware is currently being distributed via the Smokeloader botnet, which is commonly found in fake pirated software and crack sites.

The Motive of the Ransomware

The motive of the person or group behind this wiper remains unclear. While some researchers think the wiper is being used as a cover-up for other malicious activity, others think the motive is nothing more than to troll the cybersecurity community.
