Azov ransomware, a widely distributed data wiper, has been developed to corrupt data, BleepingComputer reports.
Devices infected with Azov ransomware had all their data corrupted once the malware's dormancy ended on Oct. 27 at 10:14:30 AM UTC, according to Check Point security researcher Jiří Vinopal, who added that Azov overwrites and corrupts data in alternating 666-byte chunks.
"This works in a loop, so wiped file structure would look like this: 666 bytes of garbage, 666 bytes original, 666 bytes of garbage, 666 bytes original, etc," said Vinopal.
Meanwhile, other 64-bit executables without certain strings will also be infected by the data wiper.
"Backdooring of the files works in a polymorphic way, which means the same shellcodes used to backdoor files are every time encoded differently," Vinopal added.
Distribution of Azov ransomware continues through the use of the SmokeLoader botnet malware, which could mean simultaneous installation of password-stealing malware and other backdoors.
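As an added illustration (not code from Check Point, BleepingComputer or SC Media), the following Python triages a file's bytes for the alternating 666-byte pattern Vinopal describes and lists the byte ranges that should still hold original data. It assumes the garbage chunks look random; the entropy threshold, function names and sample data are constructed for this example.

```python
import math
import random
from collections import Counter
from statistics import fmean

CHUNK = 666  # chunk size reported for Azov's overwrite loop


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def intact_ranges(size: int) -> list[tuple[int, int]]:
    """[start, end) ranges the described loop leaves untouched.

    The pattern starts with garbage, so chunks 1, 3, 5, ... survive.
    """
    return [(o, min(o + CHUNK, size)) for o in range(CHUNK, size, 2 * CHUNK)]


def looks_wiped(data: bytes, gap: float = 1.5) -> bool:
    """True if chunks 0, 2, 4, ... are clearly more random than 1, 3, 5, ...

    Assumptions: the garbage looks random, and `gap` (bits per byte) is an
    arbitrary threshold. Already high-entropy originals (compressed or
    encrypted files) show no contrast and are reported as False.
    """
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    full = [entropy(c) for c in chunks if len(c) == CHUNK]
    even, odd = full[0::2], full[1::2]
    if len(even) < 2 or len(odd) < 2:
        return False  # too few chunks to compare
    return fmean(even) - fmean(odd) >= gap


def constructed_sample(n_pairs: int = 4) -> tuple[bytes, bytes]:
    """Constructed test data: (clean text, same text with the pattern applied)."""
    rng = random.Random(0)
    clean = (b"quarterly report, draft 3: figures pending review. " * 200)[: 2 * CHUNK * n_pairs]
    out = bytearray(clean)
    for off in range(0, len(out), 2 * CHUNK):
        out[off:off + CHUNK] = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return clean, bytes(out)


if __name__ == "__main__":
    clean, damaged = constructed_sample()
    print(looks_wiped(clean), looks_wiped(damaged), intact_ranges(len(damaged)))
```

A `True` result is a triage hint for incident response, not proof of infection; the ranges from `intact_ranges` show which parts of a damaged file are worth carving when no backup exists.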
More details about Azov ransomware data wiper emerge