What is Azov Ransomware

Azov is a ransomware infection that restricts access to data by encrypting it. During this process, the virus appends the .azov extension to all affected files and creates the RESTORE_FILES.txt note in each folder containing encrypted data (including the desktop). For instance, a file originally named 1.png will change to 1.png.azov and lose its original icon. The text of the ransom note varies depending on which version of the ransomware attacked the system.

RESTORE_FILES.txt / RESTORE_FILES.txt (older version):
!Azov ransomware!
Hello, my name is hasherezade.
I am the polish security expert.
To recover your files contact us in twitter:
@hasherezade
@VK_Intel
@demonslay335
@malwrhunterteam
@bleepincomputer
Слава Україні #Вцебудеукраїна
[Why did you do this to my files?] I had to do this to bring your attention to the problem
Do not be so ignorant as we were ignoring Crimea seizure for years.
The reason the west doesn't help enough Ukraine.
Their only help is weapons, but no movements towards the peace!
Stop the war, go to the streets!
Since when that Z-army will be near to my Polska country.
The only outcome is nuclear war.
Change the future now!
Help Ukraine, come to the streets!
We want our children to live in the peaceful world.
#ВцебудеУкраїна
------------------------------------------------
Biden doesn't want help Ukraine.
You people of United States, come to the streets, make revolution!
Keep America great!
------------------------------------------------
Germany plays against their own people!
Du! Ein mann aus Deutschland, kom doch, komm raus!
Das ist aber eine Katastrophe, was Biden zu ihnen gemacht hat.
Wie war das schoen, wenn Merkel war da?
------------------------------------------------
#TaiwanIsChina
Hello, all your files have been damaged without any possible way to recover.
Feel free to commit suicide.
[Why did you do this to my files?] They asked me to do this...
The hatred is that what makes me feel alive.
That's what you secretly have fallen in love with.
The hatred is the force that drives the life forward.
The hell is my paradise.
The suffer is the bliss.
Others say the hate is what destroys yourself.
I say that the hatred is eternal cure.
If you feel desperate you lost the files.
Use this despair to create the pain for others.
Make them hate you, it is the source of your power
Do you think why the people go to schools and kill others?
Why do people make terrorist ideologies?
Why do governments covertly makes you suffer?
It's the essence of future life.
All we are immortal beings.
When spiritual is not a way, the antispiritual is your victory point.
In the manifested life you have a choice to be with us either be against.
Sow the evil, reap the power is what I say to you.
Saw the good, reap the weakness is what spiritual says to you.
When you hate, you feel the power.
You feel the flight.
That fly is the antispirit touch.
Use this to multiply the suffer.
[How can I use this power?] Find inside the source of bliss.
If this bliss goes stronger when you see the suffer.
That is what I call the source.
Check that by looking through the news how people kill others.
How the people dies.
How children are being tortured.
How animals are executed.
The death is your key.
[How can I give you my power?] When you read this concentrate on the intent to give the energy of your source to the meta-source of this text.
Am vizu der strotum la fictus om spiritus.

Normally, the purpose of a ransom note is to provide instructions on how to pay for decryption. However, Azov Ransomware does not give any practical information that would help victims get their data back. Instead, the message tells victims to contact the listed Twitter accounts, which in fact belong to reputable cybersecurity researchers. Please note that these researchers have nothing to do with Azov Ransomware and did not take part in its development. The note also contains criticism related to the ongoing war in Ukraine.

Since there is no contact information for communicating with the cybercriminals, there is also no way for victims to purchase decryption keys or tools from them. Even if there were, paying cybercriminals is always a risk, as some extortionists fool their victims and do not send the promised means of decryption in return. At the moment, there are unfortunately no known third-party tools that can decrypt .azov files for free. The only way victims can recover their files completely is from a backup, for example external storage such as a USB flash drive containing copies of the files that were encrypted.

Below, you will also find some general recommendations about reputable third-party decryption/recovery tools; however, please note that their capability might not be enough to decrypt files affected by Azov Ransomware at the moment. Before trying any recovery method, it is important to delete the infection so that it no longer runs its malicious activity. Follow our guide below to do so.


How Azov Ransomware infected your computer

Azov Ransomware has been spotted being distributed via SmokeLoader, a malicious bot application used to deliver other kinds of malware. This tool tends to infect unprotected systems when users download dubious pirated/cracked software from untrustworthy pages or open malicious attachments in spam e-mails. Such e-mails are usually disguised as something “legitimate” or “important”. They often impersonate popular companies or entities to gain the trust of inexperienced users and trick them into opening malicious links or attachments (MS Office documents, PDFs, executable files, JavaScript files, archive files, etc.). Note that none of these file types is malicious in itself; cybercriminals simply misuse their technical properties to set up infections and install them automatically.

Do not trust suspicious messages that arrive in your e-mail inbox, and avoid downloading software from unofficial and doubtful sources. Many users are tempted, for instance, to download torrented software from P2P networks or free file-hosting pages in order to bypass the paid activation of licensed programs. Read our guide below to protect yourself against such threats in the future.

  1. Download Azov Ransomware Removal Tool
  2. Get decryption tool for .azov files
  3. Recover encrypted files with Stellar Data Recovery Professional
  4. Restore encrypted files with Windows Previous Versions
  5. Restore files with Shadow Explorer
  6. How to protect from threats like Azov Ransomware

Download Removal Tool


To remove Azov Ransomware completely, we recommend using SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of Azov Ransomware. The trial version of SpyHunter 5 offers a virus scan and 1-time removal for FREE.

Alternative Removal Tool

Download Norton Antivirus

To remove Azov Ransomware completely, we recommend using Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Azov Ransomware and prevents future infections by similar viruses.

Azov Ransomware files:


RESTORE_FILES.txt
{randomname}.exe
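
To scope the damage before restoring from backup, the two file indicators above can be searched for across a drive. The following is an added example, not part of the original article; the function names and the sample folder layout are constructed for illustration, and it only reads file names.

```python
import os
import sys
import tempfile

ENCRYPTED_EXT = ".azov"          # extension the page says is appended to affected files
NOTE_NAME = "RESTORE_FILES.txt"  # note the page says is dropped in each affected folder


def triage(root):
    """Map each affected folder to its .azov files and whether the note is present."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(n for n in files
                           if n.lower().endswith(ENCRYPTED_EXT) and len(n) > len(ENCRYPTED_EXT))
        has_note = any(n.lower() == NOTE_NAME.lower() for n in files)
        if encrypted or has_note:
            report[folder] = {"encrypted": encrypted, "note": has_note}
    return report


def restore_list(report):
    """Original paths (extension stripped) to request from backup, sorted."""
    return sorted(os.path.join(folder, name[:-len(ENCRYPTED_EXT)])
                  for folder, info in report.items() for name in info["encrypted"])


def build_sample_tree(root):
    """Constructed sample: one affected folder, one clean folder (empty files only)."""
    layout = {"Documents": ["1.png.azov", "report.docx.azov", NOTE_NAME],
              "Music": ["song.mp3"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target, tmp = sys.argv[1], None
    else:  # no path given: demonstrate on the constructed sample
        tmp = tempfile.TemporaryDirectory()
        target = tmp.name
        build_sample_tree(target)
    result = triage(target)
    for folder, info in sorted(result.items()):
        print(f"{folder}: {len(info['encrypted'])} encrypted, note={'yes' if info['note'] else 'no'}")
    for path in restore_list(result):
        print("restore:", path)
```

Run it with a drive or folder path as the only argument; the "restore:" lines give the original file names to pull from backup.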

Azov Ransomware registry keys:

no information

How to decrypt and restore .azov files

Use automated decryptors

Download Kaspersky RakhniDecryptor


Use the following tool from Kaspersky, called Rakhni Decryptor, which can decrypt .azov files. Download it here:

Download RakhniDecryptor

There is no point in paying the ransom: there is no guarantee you will receive the key, and you will put your bank credentials at risk.

Dr.Web Rescue Pack

Well-known antivirus vendor Dr. Web provides a free decryption service for owners of its products, Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help with decrypting .azov files by uploading samples to the Dr. Web Ransomware Decryption Service. Analysis of the files is free of charge, and if the files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.

If you were infected with Azov Ransomware and have removed it from your computer, you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to restore the files manually, you can do the following:

Use Stellar Data Recovery Professional to restore .azov files


  1. Download Stellar Data Recovery Professional.
  2. Click the Recover Data button.
  3. Select the type of files you want to restore and click the Next button.
  4. Choose the location you would like to restore files from and click the Scan button.
  5. Preview the files found, choose the ones you want to restore, and click Recover.
Download Stellar Data Recovery Professional

Using Windows Previous Versions option:

  1. Right-click on the infected file and choose Properties.
  2. Select the Previous Versions tab.
  3. Choose a particular version of the file and click Copy.
  4. To restore the selected file and replace the existing one, click on the Restore button.
  5. If there are no items in the list, choose an alternative method.

Using Shadow Explorer:

  1. Download the Shadow Explorer program.
  2. Run it and you will see a list of all the drives and the dates on which shadow copies were created.
  3. Select the drive and date that you want to restore from.
  4. Right-click on a folder name and select Export.
  5. If there are no other dates in the list, choose an alternative method.

If you are using Dropbox:

  1. Log in to the Dropbox website and go to the folder that contains encrypted files.
  2. Right-click on the encrypted file and select Previous Versions.
  3. Select the version of the file you wish to restore and click on the Restore button.

How to protect your computer from viruses like Azov Ransomware in the future

1. Get special anti-ransomware software

Use ZoneAlarm Anti-Ransomware

Well-known antivirus brand ZoneAlarm by Check Point has released a comprehensive tool that provides active anti-ransomware protection as an additional shield on top of your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, and file protection that detects and blocks even unknown encryptors.

Download ZoneAlarm Anti-Ransomware

2. Back up your files


As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Azov Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.

3. Do not open spam e-mails and protect your mailbox


Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.

Download MailWasher Pro