A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.

The ransom note, named RESTORE_FILES.txt, says that devices are encrypted in protest of the seizure of Crimea and because Western countries are not doing enough to help Ukraine in their war against Russia.

The wiper takes its name from the Ukrainian Azov Regiment, a controversial military force that allegedly associated with neo-Nazi ideology in the past.

Uh huh, like Hitler was "allegedly" a Nazi.

  • culpritus [any]
    ·
    2 years ago

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bandera" = "C:\ProgramData\rdpclient.exe"

    also the text file of the old version is quite a trip

    CW: https://www.bleepstatic.com/images/news/ransomware/a/azov/old-ransom-note.jpg

    anyone want to translate the latin at the bottom?

    • jackal [he/him]
      ·
      2 years ago

      Do they literally think they're Emperor Palpatine?

    • HumanBehaviorByBjork [any, undecided]
      ·
      2 years ago

      Doesn't look like latin to me. Classical latin doesn't have the letter Z for one thing, and "am" is not a word I'm familiar with

      e: I think it might be auto-translated from another language, and the rest of the message makes me think it's magicky woo woo. the only potentially latin words there are der, fictus, and spiritus.

      • culpritus [any]
        ·
        2 years ago

        ya, it certainly reads like something that's been fed thru a translator or 3