Azov Ransomware

Azov Ransomware is a new destructive wiper extension that appeared in the month of October 2022. A peculiarity of this ransomware is that it is not an extortion operation as it does not charge ransoms, in fact, it only encrypts the victims’ data.

Azov is distributed via malware known as SmokeLoader, which infects machines via contaminated e-mails and advertisements. When the SmokeLoader file is executed, it carries with it the Azov ransomware and also another extension called STOP ransomware.

After encryption, all files are given the extension “.azov”(except .ini, .dll and .exe files) and a ransom note called “RESTORE_FILES.txt” is added to all folders on the device, containing the text fixed at the top of the page.

In short, the creator claims to be a famous security researcher in the field of malware and links to BleepingComputer and affiliated agents as a contact for recovery.

However in an official statement on Bleeping’s website, they dispute this saying that the information is false and that they have no solution.

The statement also shows that the creators support Ukraine in the current war, which points to the origin of the name of this extension, which is the same as the name of the Ukrainian National Guard unit (Azov).

Recover files encrypted by Azov ransomware

Even without contacting the hackers of this extension, Digital Recovery is willing to try to recover your data.

With over 23 years of experience in the recovery industry, we have the expertise to recover files encrypted by ransomware.

We have been able to perform several recoveries in a variety of extensions and many of them we can operate 100% remotely.

In specific cases, we know that encryption can cause serious damage to production lines. So, if that is your case, we can operate in emergency mode to deliver the solution in the shortest possible time. This includes specialists working around the clock for your recovery.

We are also tasked with setting your business up again in accordance with the General Data Protection Regulation (GDPR). And for complete confidentiality of the operation, we provide a Non-Disclosure Agreement (NDA).

We are
always online

Please fill out the form, or select your preferred contact method. We will contact you to start recovering your files.

Latest insights from our experts

Descriptografar ransomware em servidores

Decrypt Server

Ransomware attacks on servers have become a growing threat, jeopardising the security of critical data and business operations. This article explores the nuances of file


Through unique technologies Digital Recovery can bring back encrypted data on any storage device, offering remote solutions anywhere in the world.