
Many ransomware strains will abort if they detect a Russian keyboard installed (2021)


In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that…

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin. KrebsOnSecurity asked Nixon’s colleague at Unit221B — founder Lance James — what he thought about the efficacy of another anti-malware approach suggested by Twitter followers who chimed in on last week’s discussion: Adding entries to the Windows registry that specify the system is running as a virtual machine (VM).
