Updated on 2022-12-13
Check Point has published a technical breakdown of Azov, a data wiper that was deployed in the wild in September and November. The malware was delivered to systems previously infected with the SmokeLoader malware, tried to frame known security researchers as its authors, and, according to Check Point, was “an egregious false flag meant to incite anger at Ukraine and troll victims.” Read more: Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper
Overview
Several security researchers have spotted a new destructive data-wiping malware strain being deployed on computers across the world in limited numbers over the past few days. According to current evidence, the malware is deployed on computers that have been previously infected with the SmokeLoader malware. Once deployed, the malware wipes user files and leaves a ransom note behind, trying to pose as an attack by the Azov ransomware. The ransom note claims the ransomware was developed by Polish malware researcher Aleksandra “hasherezade” Doniec in an attempt to bring attention to Russia’s invasion of Ukraine, a claim that is obviously a ruse meant to disguise the malware’s true origin and destructive actions. Read more: New Azov data wiper tries to frame researchers and BleepingComputer