The new devastating Azov ransomware is actively spreading through pirated software, key generators and adware packages, trying to impersonate well-known security researchers behind the attack.

The Azov ransomware claims it was accidentally created by a well-known security researcher named Hasherazade, and other researchers say that me and BleepingComputer were involved in the operation.

The ransom note, titled RESTORE_FILES.txt, says that the devices were encrypted to protest the capture of Crimea and that Western countries did not do enough to help Ukraine in its war against Russia.

The ransom note asks victims to contact BleepingComputer, MalwareHunterTeam, Michael Gillespie or Vitalii Kremez on Twitter to recover files, falsely implying that we are involved in a ransomware operation.

To be clear, what is listed in the ransom note is not related to this ransomware and was created by the threat. Therefore, unfortunately, we do not have the decryption keys and cannot help. Also, since there is no way to contact threat actors to pay the ransom, this malware should be considered a destructive data deletion rather than ransomware.

Unfortunately, victims have started contacting BleepingComputer for help with file recovery and there is currently no known way to help, no matter how much we want to help. Although the attackers claim they did this to support Ukraine, BleepingComputer is aware of a Ukrainian organization affected by this data wipe.

Wiler takes its name from the Ukrainian Azov Regiment, a controversial military force in the past allegedly associated with neo-Nazi ideology. This isn’t the first time attackers have tried to frame security researchers for their malware. Source