At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    New Polymorphic Wiper Malware Leaves Attacked Environments “Unrecoverable”

    As an apparent method of political commentary on the war in Ukraine, the new Azov wiper uses a mix of intermittent overwriting and trojanizing Windows binaries to annihilate its’ victims.

    When the Ukraine war started earlier this year, we started seeing a barrage of “wiper” malware – designed to “wipe out” victim systems, making them unusable. We’ve looked at HermeticWiper, CaddyWiper, and a few others – including the first sighting of the Azov wiper.

    A new analysis of the wiper malware from Check Point Research shows just how crafty and nasty it really is. First off, it overwrites 666 bytes of data with random noise, skips 666 bytes and repeats the process until it reaches 4GB of data – at which point, it leaves the remainder of the file intact. This use of intermittent wiping makes the attack – according to Check Point – “effective, fast, and unfortunately unrecoverable.”

    To establish persistence, Azov takes existing 64-bit Windows system such as binary msiexec.exe or perfmon.exe and trojanizes them (according to Check Point, similarly to a backdooring process) and saves them as rdpclient.exe, calling them from the registry’s Run key.

    Most of Azov’s initial attack vectors were pirated software, but that doesn’t make organizations today safe; all it takes it one technically-savvy user who “thinks they know what they’re doing” with less-than-reputable downloads from the Internet, and the entire org can be wiped out.

    It’s necessary to educate users on the dangers of engaging with any unknown binaries on corporate endpoints – something taught with Security Awareness Training – to keep the organization from being put at risk of cyberattack.

    I’d expect to see wiper malware continue to grow, as – based on the news coverage – it works as a means of making a political statement.

    Request A Demo: Security Awareness Training

    New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn’t a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4’s security awareness training and simulated phishing platform and see how easy it can be!

    Request a Demo!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/one-on-one-demo-partners?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top