Azov Ransomware Attempts to Frame Researchers and BleepingComputer

Azov Ransomware is a type of malware that threatens to destroy or withhold a victim’s critical data and information unless a ransom is paid to the attacker, with no guarantee of recovery in most cases. Such attacks are on a steep upward trend and have become one of the fastest-growing cyber threats in recent years, wreaking havoc across a range of industries. According to cyberattack statistics published by Cybersecurity Ventures, annual ransomware damages will skyrocket to $20 billion (USD) by this year, and data breaches after a ransomware attack come with an exorbitant financial and reputational cost.

BleepingComputer recently reported an incident involving a novel and devastating “Azov Ransomware”. Described as a destructive data wiper, this ransomware is currently being heavily distributed through pirated software, key generators and adware bundles. It deceitfully claims to have been created by a well-known security researcher named Hasherezade and lists other researchers, such as Lawrence Abrams and BleepingComputer, as collaborators.

The ransom note found with this ransomware, titled “RESTORE_FILES.txt”, states that the encryption of devices through Azov Ransomware is in protest against the Russian invasion of Crimea and Ukraine. Furthermore, the note instructs victims to contact BleepingComputer, MalwareHunterTeam, Michael Gillespie or Vitali Kremez on Twitter for assistance in recovering files through specific decryption keys. As a result, they are wrongfully accused of being a part of this ransomware operation. The Azov Ransomware group also claims, as its name suggests, to be associated with the Ukrainian Azov Regiment, a controversial military force allegedly affiliated with Neo-Nazi ideology in the past. The threat actors' claim of executing the ransomware attack in solidarity with Ukraine has no legitimacy, since BleepingComputer says it knows of a Ukrainian organization affected by this ransomware.

The ransomware group purchased “installs” through the “SmokeLoader” malware botnet to distribute this ransomware through sites that distribute fake software cracks, game modifications, cheats and key generators. Victim systems are infected and crippled by it along with other malware and information-stealing trojans, such as the “RedLine” information stealer and “STOP Ransomware”. BleepingComputer is aware that victims of these attacks are being double-encrypted by simultaneous attacks from two ransomware strains, leading to the extortion of data. It is strongly advised to immediately change the passwords of your online accounts, such as banking, password manager and email accounts, as a precaution.

Fostering internal awareness of how to identify a potential ransomware attack is a critical first line of cybersecurity defense for organizations and individuals alike. The main difference between defending against ransomware attacks and other types of cyberattacks is that ransomware represents a far higher risk to organizations and individuals. Thus, proper precautions should be widely exercised to secure your critical data and assets from attacks like Azov Ransomware.

