December 13, 2022Rabbi LakshmananData Security / Endpoint Security

Cybersecurity researchers have exposed an internal structure called a new wiper Azov ransomware It is designed to intentionally destroy data and “cause irreproachable damage” to compromised systems.

Distributed via another malware loader known as SmokeLoader, the malware explained As an “effective, fast and unfortunately unrecoverable data wiper” by Israeli cybersecurity firm Check Point.

The wiper routine is set to overwrite the file contents using alternating chunks of 666 bytes and random noise. intermittent encryption This is increasingly being leveraged by ransomware operators to evade detection and encrypt victims’ files more quickly.

cyber security

“One of the differences between ransomware in general and Azov is that it modifies certain 64-bit executables to run their own code,” says threat researcher Jiří Vinopal. said Mr. “Modification of the executable is done using polymorphic code so that static signatures cannot possibly fail.”

Azov Ransomware also incorporates logic bombs (a set of conditions that must be met before activating malicious actions) that detonate the execution of erasing and backdoor functions at predetermined times.

Destructive Azov Ransomware

“The Azov sample was considered skidware when first encountered, […]Further investigation reveals manually crafted assemblies, highly sophisticated techniques for injecting payloads into executables to create backdoors, and typically for security textbooks or well-known brand name cybercriminal tools. You will find some anti-analysis tricks reserved for ,” Vinopal added.

This development comes amid a slew of devastating wiper attacks since the beginning of the year. This includes WhisperGate, HermeticWiper, AcidRain, IsaacWiper, CaddyWiper, Industroyer2, DoubleZero, RURansom, and CryWiper.

Last week, security firm ESET revealed another unknown wiper called Fantasy. This wiper was spread using a supply chain attack that targeted an Israeli software company and targeted customers in the diamond industry. This malware is associated with an actor called Agrius.

Did you find this article interesting?Please follow us twitter When LinkedIn To read more exclusive content that we post.



Register now for our membership to gain access to our elite training program and fast forward your career today!


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!

Security Blog

Blue Training Academy

Blue Training Academy was developed in 2018 as a educational and training facility for continuing education and certification courses. Blue Training Academy is an educational institution that allows for all sectors of the public and Criminal Justice field to gain ongoing training and education.

Copyright ©️ All rights reserved. | Blue Training Academy Blog