BleepingComputer reports that popular security researchers are being falsely implicated by the novel and widely distributed data wiper dubbed "Azov Ransomware."
Besides falsely claiming that security researcher Hasherezade developed the data wiper, Azov Ransomware also purports that other security researchers, including Vitali Kremez, Michael Gillespie, Lawrence Abrams, and MalwareHunterTeam, as well as BleepingComputer, are part of its operation. The included ransom note states that devices were encrypted as a form of protest against inadequate Western assistance to Ukraine amid the country's ongoing war with Russia.
Threat actors behind the Azov wiper are believed to have bought installs via the SmokeLoader malware botnet to enable the data wiper's delivery.
BleepingComputer has noted victims whose files were double-encrypted by Azov and STOP ransomware, with SmokeLoader distributed simultaneously.
Malware operators have tried to frame security researchers before: Apocalypse ransomware renamed one of its strains in 2016 to frame Fabian Wosar, and Maze ransomware attempted to frame Vitali Kremez in 2020.
Numerous Ukrainian organizations have been compromised by a wave of attacks using the novel .NET-based RansomBoggs ransomware strain, which resembled prior attacks by the Russian state-sponsored threat operation Sandworm, reports The Hacker News.
Cincinnati State Technical and Community College has been impacted by a Vice Society ransomware attack, with allegedly stolen data being leaked by the attackers on their Tor data leak site, BleepingComputer reports.