Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that’s deliberately designed to corrupt data and “inflict impeccable damage” to compromised systems.
Distributed through another malware loader known as SmokeLoader, the malware has been described as an “effective, fast, and unfortunately unrecoverable data wiper,” by Israeli cybersecurity company Check Point. Its origins have yet to be determined.
The wiper routine is set to overwrite a file’s contents in alternating 666-byte chunks with random noise, a technique referred to as intermittent encryption that’s being increasingly leveraged by ransomware operators to evade detection and encrypt victims’ files faster.
“One thing that sets Azov apart from your garden-variety ransomware is its modification of certain 64-bit executables to execute its own code,” threat researcher Jiří Vinopal said. “The modification of executables is done using polymorphic code, so as not to be potentially foiled by static signatures.”
images from Hacker News