The data wiper scans all computer drives and encrypts any file that doesn’t have the .exe, .dll, and .ini extensions.
Why this matters
The threat actors are claiming that they are doing this as a protest against Crimea’s seizure but Bleeping Computer is aware of a Ukrainian victim.
The victims have already started contacting the researchers for help with decrypting the files.
Furthermore, there is no way for victims to contact the threat actors. Therefore, Azov Ransomware should be treated as a destructive data wiper and not some ransomware.
The bottom line
While researchers are analyzing Azov Ransomware to find weaknesses in its encryption, at this point, it is destructive and there’s no way to get a decryptor. Moreover, the researchers have warned that if your system is infected with this data wiper, you likely have other info-stealers, too, in your systems.