WTF? This demonic malware deletes your data in loops of 666 bytes

malware
(Image credit: Getty Images/CHUYN)

A bizarre, unnerving malware dubbed Azov Ransomware deliberately wipes and destroy your data, but there's something atypical about how this so-called "ransomware" behaves.

The expected modus operandi of ransomware is that it renders your files inaccessible in some capacity (e.g. encrypting your files), but to recover your contents, you'll have to pony up your hard-earned money before the cybercriminals relinquish your data.

Azov Ransomware is a bit of a misnomer; it doesn't demand ransom from innocent targets. Instead, it wipes victims' data and requests that they contact certain security researchers and journalists, framing them as the masterminds behind the malware (h/t Bleeping Computer).

The note issued to victims of Azov Ransomware

A programmer known as @hasherezade is one of the victims of framing with this Azov Ransomware fiasco.

In late October, the programmer took to Twitter to clear their name. "I am not in any ways affiliated with Azov (or any other #ransomware). It's a common practice among cybercriminals to try to frame security researchers."

See more

Within the tweet, you can read the note that's issued to Azov Ransomware victims. Funnily enough, even Bleeping Computer was framed. As such, the tech journalism outlet had to clear its name, too.

"To be clear, BleepingComputer and myself are not affiliated with 'Azov' ransomware or any other malware," Editor-in-Chief of Bleeping Computer Lawrence Abrams said in a tweet. "Sadly, people have already contacted me to receive help decrypting files, including a victim in Ukraine, and we have no way of helping at this time." 

How do victims get infected with Azov Ransomware?

According to Bleeping Computer, this malware continues to be widely distributed around the world. As it turns out, people have gotten their systems infected with Azov Ransomware after pirating software that masquerades as another application.

The malware, according to Check Point security searcher Jiří Vinopal, is a new "destructive data wiper" that is designed to overwrite chunks of data in loops of 666 bytes. The number 666 is often associated with the devil, which hints that the threat actor's intentions are less than noble.

To add salt to injury, not only can Azov wipe data, but it is also capable of infecting other programs on victims' systems.

As of this writing, no one knows why the cybercriminal is targeting security researchers and tech journalists, but the most popular theory is that this threat actor is nothing more than a malicious troll.

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!